Customer-Managed Keys — Microsoft Azure Solutions Architect (AZ-305) Practice Questions
Customer-managed keys (CMK) allow organizations to generate, own, and control the cryptographic keys used to encrypt Azure resources, rather than relying on Microsoft-managed keys. On AZ-305, this topic covers integrating Azure Key Vault or Azure Managed HSM with services such as Azure Storage, Azure SQL Database, Azure Disk Encryption, and Cosmos DB to enforce CMK-based encryption. Architects must understand the operational responsibilities that come with CMK, including key rotation schedules, access policy design to prevent accidental key deletion, and the impact on service availability if a key is disabled or expired. Exam questions test the ability to design a CMK architecture that satisfies regulatory requirements for key custody while maintaining resilience and minimizing administrative overhead.
Free questions on customer-managed keys
More customer-managed keys questions in the full bank
- Your organization requires zero-knowledge proof for security. How should you architect?
- An organization requires that all data stored in Azure Storage accounts in a specific subscription must use customer-managed keys (CMK) for encryption. What is the most scalable way to enforce this policy across existing and future storage accounts?