Practice free →
HomeAzure AZ-204cloudcomputingaz204storage › An app must encrypt user-uploaded blobs using a …

An app must encrypt user-uploaded blobs using a key the customer controls, rotates, and audits via Azure Key Vault. Which encryption mode applies?

ANo encryption at rest
BCustomer-managed keys (CMK) stored in Azure Key Vault
CHardcoding an AES key in the application source
DMicrosoft-managed keys with no per-key control
Answer & Solution
Correct answer: B. Customer-managed keys (CMK) stored in Azure Key Vault
CMK in Key Vault gives rotation + access policies + audit. Microsoft-managed keys are the default but no per-key control. No encryption fails the requirement. Hardcoded keys leak immediately.
Solve this in the app — Azure AZ-204 practice & 24k+ MCQs →
Related questions