Azure Storage Encryption — Microsoft Azure Solutions Architect (AZ-305) Practice Questions
Azure Storage encryption refers to the automatic encryption of all data written to Azure Blob, File, Queue, and Table Storage using 256-bit AES encryption, enabled by default for all storage accounts with no performance impact. For AZ-305, candidates must understand the distinction between Microsoft-managed encryption keys, customer-managed keys stored in Azure Key Vault, and infrastructure encryption (double encryption at the hardware layer). The exam tests scenarios where compliance mandates customer control over key rotation and revocation, requiring architects to configure Key Vault integration and define key expiry policies. Architects must also understand how encryption scopes allow different encryption keys within a single storage account for multi-tenant or data-classification scenarios.
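As an added example (not part of the original page), the following Python sketch audits storage account descriptions for the three properties discussed above: the key source (Microsoft-managed or customer-managed in Key Vault), whether infrastructure encryption is required, and whether a customer-managed key is pinned to one version. It assumes the input has the shape of the `encryption` object in `az storage account show` output; the account names, vault URI, and key version are constructed sample values, and the finding labels are hypothetical.

```python
import json

# Constructed sample data, shaped like `az storage account show` output (assumption).
SAMPLE_ACCOUNTS = json.loads("""[
 {"name": "stexamplemmk",
  "encryption": {"keySource": "Microsoft.Storage",
                 "requireInfrastructureEncryption": false}},
 {"name": "stexamplepinned",
  "encryption": {"keySource": "Microsoft.Keyvault",
                 "requireInfrastructureEncryption": true,
                 "keyVaultProperties": {"keyVaultUri": "https://kv-example.vault.azure.net",
                                        "keyName": "storage-cmk",
                                        "keyVersion": "constructed-version-id"}}},
 {"name": "stexampleauto",
  "encryption": {"keySource": "Microsoft.Keyvault",
                 "requireInfrastructureEncryption": true,
                 "keyVaultProperties": {"keyVaultUri": "https://kv-example.vault.azure.net",
                                        "keyName": "storage-cmk",
                                        "keyVersion": null}}}
]""")

def _ci(mapping, name):
    """Case-insensitive lookup: the REST API and the CLI differ in key casing."""
    for key, value in (mapping or {}).items():
        if key.lower() == name.lower():
            return value
    return None

def audit_encryption(account, require_cmk=True, require_double=True):
    """Return a list of findings for one storage account description."""
    enc = _ci(account, "encryption") or {}
    findings = []
    key_source = (_ci(enc, "keySource") or "Microsoft.Storage").lower()
    if key_source != "microsoft.keyvault":
        if require_cmk:
            findings.append("microsoft-managed-key")  # no customer control over the key
    else:
        kv = _ci(enc, "keyVaultProperties") or {}
        if not _ci(kv, "keyVaultUri") or not _ci(kv, "keyName"):
            findings.append("cmk-missing-key-reference")
        if _ci(kv, "keyVersion"):
            # A pinned version is not updated automatically; rotation is manual.
            findings.append("cmk-version-pinned")
    if require_double and not _ci(enc, "requireInfrastructureEncryption"):
        findings.append("no-infrastructure-encryption")
    return findings

def audit_all(accounts, **policy):
    """Map each account name to its findings under the given policy."""
    return {a["name"]: audit_encryption(a, **policy) for a in accounts}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS).items():
        print(name, findings or "compliant")
```

Encryption scopes are not covered by this check; they would need a separate per-scope listing for each account.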