HOTSPOT
You plan to deploy a new application to a Linux virtual machine (VM) that is hosted in Azure.
The entire VM must be secured at rest by using industry-standard encryption technology to address organizational security and compliance requirements.
You need to configure Azure Disk Encryption for the VM.
How should you complete the Azure Cli commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: keyvault
Create an Azure Key Vault with az keyvault create and enable the Key Vault for use with disk encryption. Specify a unique Key Vault name for keyvault_name as follows:
keyvault_name=myvaultname$RANDOM
az keyvault create
–name $keyvault_name
–resource-group $resourcegroup
–location eastus
–enabled-for-disk-encryption True
Box 2: keyvault key
The Azure platform needs to be granted access to request the cryptographic keys when the VM boots to decrypt the virtual disks. Create a cryptographic key in your Key Vault with az keyvault key create. The following example creates a key named myKey:
az keyvault key create
–vault-name $keyvault_name
–name myKey
–protection software
Box 3: vm
Create a VM with az vm create. Only certain marketplace images support disk encryption. The following example creates a VM named myVM using an Ubuntu 16.04 LTS image:
az vm create
–resource-group $resourcegroup
–name myVM
–image Canonical:UbuntuServer:16.04-LTS:latest –admin-username azureuser –generate-ssh-keys
Box 4: vm encryption
Encrypt your VM with az vm encryption enable:
az vm encryption enable
–resource-group $resourcegroup
–name myVM
–disk-encryption-keyvault $keyvault_name
–key-encryption-key myKey
–volume-type all
Note: seems to an error in the question. Should have enable instead of create.
Box 5: all
Encrypt both data and operating system.
References: https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/linux/encrypt-disks
Leave a Reply