What is the function of the operation that returns a data key encrypted under a specified KMS key?


Prepare for the Microsoft Certified: Identity and Access Administrator (SC-300) Exam. Study with effective quizzes featuring detailed explanations and hints. Enhance your certification journey!

The operation that returns a data key encrypted under a specified Key Management Service (KMS) key is GenerateDataKeyWithoutPlaintext. This operation creates a new data encryption key and encrypts it under the specified KMS key, returning only the encrypted copy. You can safely store or transmit that encrypted data key without ever handling its plaintext form; the plaintext is recovered later, only when it is actually needed, by asking KMS to decrypt the stored blob.

This operation matters because it enables secure handling of cryptographic keys: because the plaintext key is never returned, the risk of exposing it in storage or in transit is reduced.

In contrast, other options represent different functionalities:

  • DecryptDataKey is focused on decrypting an existing encrypted key, which implies that the key has already been generated and encrypted.
  • EncryptDataKey would typically be used to encrypt an arbitrary plaintext key, but does not specifically imply the generation of a new data key as part of the operation.
  • CreateDataKey would suggest generating a new encryption key, but it usually returns the plaintext key itself, which is not the case with GenerateDataKeyWithoutPlaintext.

Thus, GenerateDataKeyWithoutPlaintext is specifically suited for generating a secure, encrypted key while keeping the plaintext data key safe from exposure.
