You manage a cloud service that utilizes data encryption.
You need to ensure that the certificate used to encrypt data can be accessed by the cloud service
application.
What should you do?
A.
Upload the certificate referenced in the application package.
B.
Deploy the certificate as part of the application package.
C.
Upload the certificate’s public key referenced in the application package.
D.
Use RDP to install the certificate.
Explanation:
The developer must deploy the public key with their application so that, when Windows Azure spins up
role instances, it will match up the thumbprint in the service definition with the uploaded service
certificate and deploy the private key to the role instance. The private key is intentionally non-exportable
to the .pfx format, so you won’t be able to grab the private key through an RDC connection into a role
instance.
Field Note: Using Certificate-Based Encryption in Windows Azure Applications