DRAG DROP - You have an Azure Key Vault that contains an encryption key named key1. You plan to create a Log Analytics workspace that will store logging data. You need to encrypt the workspace by using key1. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Suggested Answer:

Customer-managed key provisioning steps (assuming there already is an Azure Key Vault):

Step 1: Enable soft delete for the key vault.
The Azure Key Vault must be configured as recoverable to protect your key and the access to your data in Azure Monitor. You can verify this configuration under Properties in your Key Vault; both Soft delete and Purge protection should be enabled.

Step 2: Create a Log Analytics cluster.
Clusters use a managed identity for data encryption with your Key Vault. Set the identity type property to SystemAssigned when creating your cluster to allow access to your Key Vault for "wrap" and "unwrap" operations.

Step 3: Grant permissions to the key vault.
Create an Access Policy in Key Vault to grant permissions to your cluster. These permissions are used by the underlay cluster storage. Open your Key Vault in the Azure portal and click Access Policies, then + Add Access Policy, to create a policy with these settings:
Key permissions: select Get, Wrap Key and Unwrap Key.
Etc.

1. Creating cluster
2. Granting permissions to your Key Vault
3. Updating cluster with key identifier details
4. Linking workspaces

Step 4: Link workspace.
Link the workspace to the cluster. This step should be performed only after the cluster provisioning. If you link workspaces and ingest data prior to the provisioning, ingested data will be dropped and won't be recoverable.
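
The same sequence scripted with the Azure CLI, as an added example that is not part of the original answer or of Microsoft's documentation. The function name `provision_cmk` and every resource name passed to it are assumptions; it expects a vault that uses access policies and refuses to link the workspace until the cluster reports a finished provisioning state.

```shell
# Added example: customer-managed key provisioning for Log Analytics with Azure CLI.
# Resource names are caller-supplied assumptions; key1 is the key named in the question.
provision_cmk() {
  local rg="$1" vault="$2" cluster="$3" location="$4" capacity="$5" workspace="$6"
  local key="${7:-key1}" soft principal vault_uri kid state cluster_id

  # Step 1: the vault must be recoverable: purge protection on, soft delete confirmed.
  az keyvault update --name "$vault" --resource-group "$rg" \
    --enable-purge-protection true >/dev/null || return 1
  soft=$(az keyvault show --name "$vault" --resource-group "$rg" \
    --query properties.enableSoftDelete -o tsv) || return 1
  [ "$soft" = "true" ] || { echo "soft delete is off on $vault" >&2; return 1; }

  # Step 2: create the cluster with a system-assigned managed identity.
  az monitor log-analytics cluster create --name "$cluster" --resource-group "$rg" \
    --location "$location" --sku-capacity "$capacity" \
    --identity-type SystemAssigned >/dev/null || return 1
  principal=$(az monitor log-analytics cluster show --name "$cluster" \
    --resource-group "$rg" --query identity.principalId -o tsv) || return 1

  # Step 3: grant that identity only Get, Wrap Key and Unwrap Key on keys.
  az keyvault set-policy --name "$vault" --object-id "$principal" \
    --key-permissions get wrapKey unwrapKey >/dev/null || return 1

  # Update the cluster with the key identifier: vault URI, key name, key version.
  vault_uri=$(az keyvault show --name "$vault" --resource-group "$rg" \
    --query properties.vaultUri -o tsv) || return 1
  kid=$(az keyvault key show --vault-name "$vault" --name "$key" \
    --query key.kid -o tsv) || return 1
  az monitor log-analytics cluster update --name "$cluster" --resource-group "$rg" \
    --key-vault-uri "$vault_uri" --key-name "$key" \
    --key-version "${kid##*/}" >/dev/null || return 1

  # Step 4: link only after provisioning; data ingested earlier is dropped for good.
  state=$(az monitor log-analytics cluster show --name "$cluster" \
    --resource-group "$rg" --query provisioningState -o tsv) || return 1
  [ "$state" = "Succeeded" ] || { echo "cluster state is $state" >&2; return 1; }
  cluster_id=$(az monitor log-analytics cluster show --name "$cluster" \
    --resource-group "$rg" --query id -o tsv) || return 1
  az monitor log-analytics workspace linked-service create --name cluster \
    --resource-group "$rg" --workspace-name "$workspace" \
    --write-access-resource-id "$cluster_id" >/dev/null
}
```

Call it as `provision_cmk <resource-group> <vault> <cluster> <location> <capacity> <workspace>`; the capacity value must be a commitment tier your subscription allows.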

Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/customer-managed-keys

This question is in the AZ-400 exam, for getting the Microsoft DevOps Engineer Expert certificate.