You have an Azure SQL database that contains a table named Customer. Customer contains the columns shown in the following table.
You apply a masking rule as shown in the following table.
Which users can view the email addresses of the customers?
DP-200 Exam QuestionsBrowse all questions from this exam
DP-200 Exam - Question 143
Show AnswerHide Answer
Correct Answer: A
Both server administrators and users who are granted the UNMASK permission can view the unmasked data in Azure SQL Database. Server administrators are always excluded from masking, allowing them to see the original data. Additionally, granting UNMASK permission to specific users allows them to bypass the masking rule and view unmasked data for columns where masking is defined.
Discussion
10 commentsMsIrene
Apr 13, 2021As for me, the answer is C Server administrators only, because in this particular case Users excluded = None, so no one was granted the UNMASK permission.
yassine70
Oct 5, 2021Agree with @MsIrene. "SQL users excluded from masking - A set of SQL users or Azure AD identities that get unmasked data in the SQL query results. Users with administrator privileges are always excluded from masking, and see the original data without any mask." https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview
dataeng1102
Apr 7, 2021This is incorrect. Both server admins and users with unmasked permissions can see unmasked data.
Devendra00023
Apr 8, 2021Yeah, refer - https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-configure-portal
DMQA
Apr 26, 2021A seems to be the correct answer.. Refer to Dynamic data masking policy > SQL users excluded from masking of the page below, which mentions "Users with administrator privileges are always excluded from masking, and see the original data without any mask." . Hands-on would clear any further confusion. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview
DMQA
Apr 26, 2021A seems to be the correct answer.. Refer to Dynamic data masking policy > SQL users excluded from masking of the page below, which mentions "Users with administrator privileges are always excluded from masking, and see the original data without any mask." . Hands-on would clear any further confusion. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview
111222333
May 14, 2021Correct, answer is A. Users with administrator privileges always have access to the original unmasked data. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-configure-portal
samkslee
Apr 11, 2021SQL users excluded from masking - A set of SQL users or Azure AD identities that get unmasked data in the SQL query results. Users with administrator privileges are always excluded from masking, and see the original data without any mask. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview#dynamic-data-masking-policy
Amy007
May 13, 2021Correct Answer is A. Type the SQL users or Azure Active Directory (Azure AD) identities that should be excluded from masking, and have access to the unmasked sensitive data. This should be a semicolon-separated list of users. Users with administrator privileges always have access to the original unmasked data.
lapomidoro
Jun 7, 2021Unmask cannot be specified for a particular column. It's granted for a user. So C is the correct answer
psal2020
Jun 15, 2021Agree-"However this permission is globally applied at the database level, meaning that if a user has this permission, they have the ability to read the actual data in any column for which they have SELECT permission"
Mily94
Apr 25, 2021correct answer: A Server admins always have access to masked data + users with unmasked permissions
NamishBansal
Apr 27, 2021The article has no mention of Server Administrators being able to see masked data, so I guess given answer is correct.
cadio30
May 5, 2021For this scenario, the answer is C since by default Server Administrator is excluded from masking and there are no indicated users in the "users excluded" which in case if there is then the values are visible to those people.
cadio30
May 11, 2021come to think of it, one can execute a grant permission using T-SQL to "unmask" the user. therefore the answer should be option A.
cadio30
May 12, 2021correct answer is C When grant unmask it allows to expose all of the mask columns from a table. Given the option A, it states at the end that it will only unmask the "email" column only.
cadio30
May 12, 2021correct answer is C When grant unmask it allows to expose all of the mask columns from a table. Given the option A, it states at the end that it will only unmask the "email" column only.
VishalTile
Jun 13, 2021Users with administrator privileges always have access to the original unmasked data. So answer is A.
bs_2021
Jun 21, 2021You are right but that applies to database admins not server admins . Hence, B should be the right answer
Hinzzz
Jun 21, 2021B is the correct answer. The keyword is Server Administrator not the DB administrators.