For Azure Data Box Double Encryption:
1. Is the second layer of at-rest encryption applied by the NAS, or does the customer encrypt its data prior to copying onto the NAS?
2. What encryption cypher and strength is used for the second layer of encryption?
3. Where are the encryption keys stored?
4. Is custom managed encryption keys (CMEK) for the second layer of encryption an option?
5. How is the second layer encryption key accessed during the copying of data from the NAS to Azure storage?
Thank you.