70-463 · Question #244
You have a secured database that contains all of the customer data for your company. You plan to use a project deployment model. You need to create a SQL Server Integration Services (SSIS) package tha
The correct answer is C. Modify the set_execution parameter_value stored procedure. D. Set the package protection level to EncrypSensitiveWithPassword.. Setting the package protection level to EncryptSensitiveWithPassword encrypts the password inside the package, and catalog.set_execution_parameter_value supplies the credential securely at runtime in the project deployment model.
Question
You have a secured database that contains all of the customer data for your company. You plan to use a project deployment model. You need to create a SQL Server Integration Services (SSIS) package that connects to the database by using a dedicated username and password. The solution must ensure that the password used for the connection string is encrypted. Which two actions should you perform? (Select Two)
Options
- ASelect the Sensitive check box for the catalog environment.
- BSet the sensitive property of the package parameter to True.
- CModify the set_execution parameter_value stored procedure.
- DSet the package protection level to EncrypSensitiveWithPassword.
How the community answered
(26 responses)- A23% (6)
- B12% (3)
- C65% (17)
Why each option
Setting the package protection level to EncryptSensitiveWithPassword encrypts the password inside the package, and catalog.set_execution_parameter_value supplies the credential securely at runtime in the project deployment model.
Marking a catalog environment variable as sensitive causes it to be encrypted within the SSISDB catalog, but this does not encrypt the password stored inside the package file itself.
Setting a package parameter's sensitive property to True flags it for encrypted storage in the SSISDB catalog, but without also setting the package protection level the password remains unencrypted within the package definition.
The catalog.set_execution_parameter_value stored procedure sets parameter values - including sensitive credentials - at package execution time within the SSISDB catalog, so the password is supplied dynamically at runtime rather than stored statically in the package definition. This is the standard mechanism for injecting sensitive values into packages deployed under the project deployment model. Combined with encryption of the package itself, it provides a complete end-to-end solution.
Setting the package protection level to EncryptSensitiveWithPassword encrypts all sensitive data, including connection string passwords, using AES encryption with a user-supplied password before the package is saved. This ensures that even if the .dtsx file is accessed directly, the credentials cannot be read without the encryption password. It directly satisfies the requirement that the connection string password must be encrypted.
Concept tested: SSIS package protection level and sensitive parameter encryption
Source: https://learn.microsoft.com/en-us/sql/integration-services/security/access-control-for-sensitive-data-in-packages
Topics
Community Discussion
No community discussion yet for this question.