Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 7 Discussion
compliance and privacy requirements:
• Encrypt cardholder data by using encryption keys managed by the company.
• Encrypt insurance claim files by using encryption keys hosted on-premises.
Which two configurations meet the compliance and privacy requirements? Each correct answer
presents part of the solution. NOTE: Each correct selection is worth one point.
B imo, since Managed HSM offers more company control than Microsoft-managed keys.
A imo, since C doesn’t support on-premises keys for insurance claims.
The question clearly wants on-premises key control for insurance claims, so A fits since customer-provided keys let you bring your own. For cardholder data, B works because Managed HSM is more company-controlled than Microsoft-managed keys. So A and B.
Maybe B and A work here. B fits because the cardholder data needs keys managed by the company, and Azure Key Vault Managed HSM sounds like it's company-controlled. A mentions customer-provided keys for the insurance claims, which fits with hosting keys on-premises. D’s out since Microsoft-managed keys don’t meet the requirement of company-managed encryption keys. C doesn’t seem right since it uses Azure Key Vault for insurance claims, while the question says those keys should be hosted on-premises. So feels like A and B cover both sets of requirements nicely.