Which four actions should you perform in sequence?

DRAG DROP

You are developing an Azure-hosted application that must use an on-premises hardware security module (HSM) key.

The key must be transferred to your existing Azure Key Vault by using the Bring Your Own Key (BYOK) process.

You need to securely transfer the key to Azure Key Vault.

Which four actions should you perform in sequence? To answer, move the appropriate

actions from the list of actions to the answer area and arrange them in the correct order.

View Answer

Answer:

Explanation:

Text

Description automatically generated

To perform a key transfer, a user performs following steps:

✑ Generate KEK.

✑ Retrieve the public key of the KEK.

✑ Using HSM vendor provided BYOK tool – Import the KEK into the target HSM and exports the Target Key protected by the KEK.

✑ Import the protected Target Key to Azure Key Vault.

Step 1: Generate a Key Exchange Key (KEK).

Step 2: Retrieve the Key Exchange Key (KEK) public key.

Step 3: Generate a key transfer blob file by using the HSM vendor-provided tool. Generate key transfer blob using HSM vendor provided BYOK tool

Step 4: Run the az keyvault key import command Upload key transfer blob to import HSM-key.

Customer will transfer the Key Transfer Blob (".byok" file) to an online workstation and then run a az keyvault key import command to import this blob as a new HSM-backed key into Key Vault.

To import an RSA key use this command:

az keyvault key import