Home › Azure AZ-500 › cloudcomputing › az500compstoragedb › Which Azure VM security feature lets a security …
Which Azure VM security feature lets a security engineer require all data passing between the host hypervisor and the VM to be encrypted in flight + decrypted only inside an attested trusted execution environment?
AStandard B-series VMs with no confidential computing
BAzure Cache for Redis
CAzure DNS
DConfidential VMs (AMD SEV-SNP / Intel TDX-backed confidential computing)
Answer & Solution
Correct answer: D. Confidential VMs (AMD SEV-SNP / Intel TDX-backed confidential computing)
Confidential VMs use hardware-backed TEEs (per AZ-500 §3 advanced compute). The other options aren't confidential computing.
Related questions
Which Azure Storage feature should a security engineer enable to require all reads/writes Which Azure SQL feature lets a security engineer enable Microsoft Entra ID-based DB loginsWhich Azure SQL feature should a security engineer enable to obscure sensitive column valuWhich Azure SQL Database feature should a security engineer recommend to encrypt sensitiveWhich Azure SQL Database feature should a security engineer enable to encrypt data at restWhich Azure storage feature lets a security engineer generate a TIME-LIMITED, scope-bound Which Azure storage authentication option should a security engineer prefer over shared-keWhich Azure storage feature should a security engineer use to PROTECT BLOBS from accidenta