Which Azure service is used to store and manage encryption keys?

  1. Azure SQL Database
  2. Azure Cosmos DB
  3. Azure Key Vault ✓
  4. Azure Storage Accounts

Correct answer: Azure Key Vault

Option C is correct because Azure Key Vault is the dedicated Azure service for securely storing and managing cryptographic keys, secrets, and certificates, with hardware security module (HSM) backing options and fine-grained access policies. Option A is wrong because Azure SQL Database is a managed relational database service and does not serve as a key management system, though it can integrate with Key Vault for transparent data encryption. Option B is wrong because Azure Cosmos DB is a globally distributed NoSQL database service and has no key management functionality. Option D is wrong because Azure Storage Accounts are used for blob, file, queue, and table storage; while they can store data encrypted at rest, they are not the designated service for managing encryption keys.

Topic: · azure key vault, encryption keys, secrets management, azure security

Practice Microsoft Azure Security Engineer (AZ-500) Questions Free