Encryption — Microsoft Azure Solutions Architect (AZ-305) Practice Questions
Encryption in Azure encompasses protecting data at rest, in transit, and in use through platform-managed or customer-managed cryptographic controls. AZ-305 candidates must understand Azure's layered encryption model, including transparent data encryption for Azure SQL, server-side and client-side encryption for Blob Storage, TLS enforcement for data in transit, and Azure Confidential Computing for data in use. The exam also covers where keys are stored, using Azure Key Vault versus managed HSMs, and the difference between platform-managed keys, customer-managed keys, and customer-provided keys. Architects are tested on selecting the right encryption approach to satisfy regulatory requirements and minimize operational overhead.
Free questions on encryption
You are designing a data retention and compliance solution for an organization subject to GDPR and data residency requirements. What approach ensures compliance while maintaining data availability?
Free question · hard · full answer + explanation
An organization stores encryption keys in Azure Key Vault and must ensure those keys remain accessible even if the Azure region hosting the vault becomes completely unavailable. Which built-in Azure Key Vault capability directly addresses cross-region key availability without requiring custom scripts or manual backup processes?
Free question · medium · full answer + explanation
More encryption questions in the full bank
- An organization requires that all data stored in Azure Storage accounts in a specific subscription must use customer-managed keys (CMK) for encryption. What is the most scalable way to enforce this policy across existing and future storage accounts? Unlock answer & explanation →