DP-201 Exam QuestionsBrowse all questions from this exam
Go to Exam

DP-201 Exam - Question 108

HOTSPOT -

You are designing the security for a mission critical Azure SQL database named DB1. DB1 contains several columns that store Personally Identifiable Information

(PII) data

You need to recommend a security solution that meets the following requirements:

✑ Ensures that DB1 is encrypted at rest

✑ Ensures that data from the columns containing PII data is encrypted in transit

Which security solution should you recommend for DB1 and the columns? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Exam DP-201 Question 108
Show Answer
Correct Answer:
Exam DP-201 Question 108

DB1: Transparent Data Encryption

Azure SQL Database currently supports encryption at rest for Microsoft-managed service side and client-side encryption scenarios.

Support for server encryption is currently provided through the SQL feature called Transparent Data Encryption.

Columns: Always encrypted -

Always Encrypted is a feature designed to protect sensitive data stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the database engine (SQL Database or SQL Server).

Note: Most data breaches involve the theft of critical data such as credit card numbers or personally identifiable information. Databases can be treasure troves of sensitive information. They can contain customers' personal data (like national identification numbers), confidential competitive information, and intellectual property. Lost or stolen data, especially customer data, can result in brand damage, competitive disadvantage, and serious fines--even lawsuits.

Reference:

https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest https://docs.microsoft.com/en-us/azure/security/fundamentals/database-security-overview

Discussion

3 comments
Sign in to comment
elebiju
Dec 23, 2020

correct choice

Walkintechnik
Jun 16, 2021

Azure SQL Databases Encryption at rest can be enabled at the database and server levels. As of June 2017, Transparent Data Encryption (TDE) is enabled by default on newly created databases. https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

Walkintechnik
Jun 16, 2021

Data Masking for "column" sensitive data in transit

brazil_guy
Aug 30, 2021

Data masking is not encryption