HOTSPOT - You plan to deploy a new application to a Linux virtual machine (VM) that is hosted in Azure. The entire VM must be secured at rest by using industry-standard encryption technology to address organizational security and compliance requirements. You need to configure Azure Disk Encryption for the VM. How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: 

Box 1: keyvault - Create an Azure Key Vault with az keyvault create and enable the Key Vault for use with disk encryption. Specify a unique Key Vault name for keyvault_name as follows: keyvault_name=myvaultname$RANDOM az keyvault create \ --name $keyvault_name \ --resource-group $resourcegroup \ --location eastus \ --enabled-for-disk-encryption True Box 2: keyvault key - The Azure platform needs to be granted access to request the cryptographic keys when the VM boots to decrypt the virtual disks. Create a cryptographic key in your Key Vault with az keyvault key create. The following example creates a key named myKey: az keyvault key create \ --vault-name $keyvault_name \ --name myKey \ --protection software Box 3: vm - Create a VM with az vm create. Only certain marketplace images support disk encryption. The following example creates a VM named myVM using an Ubuntu 16.04 LTS image: az vm create \ --resource-group $resourcegroup \ --name myVM \ --image Canonical:UbuntuServer:16.04-LTS:latest \ --admin-username azureuser \ --generate-ssh-keys \ Box 4: vm encryption - Encrypt your VM with az vm encryption enable: az vm encryption enable \ --resource-group $resourcegroup \ --name myVM \ --disk-encryption-keyvault $keyvault_name \ --key-encryption-key myKey \ --volume-type all Note: seems to an error in the question. Should haveenable instead of create. Box 5: all - Encrypt both data and operating system. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-cli-quickstart