70-465 Question #39: Real Exam Question with Answer & Explanation

Question

You are creating a database that will store usernames and credit card numbers for an application. You need to recommend a solution to store and resuse the credit card numbers in the database. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

Options

• AData encryption
• BTransparent Data Encryption (TDE)
• CEncrypting File System (EFS)
• DData hashing

Explanation

When storing and reusing sensitive data like credit card numbers, the encryption method must allow for decryption and retrieval of the original value. Data encryption is the best fit because it is reversible, unlike hashing.

Common mistakes.

• B. Transparent Data Encryption (TDE) encrypts the entire database files at rest (data files, log files, backups), but data is automatically decrypted when read into memory, meaning credit card numbers are exposed in plaintext at the application/query layer without additional field-level protection.
• C. Encrypting File System (EFS) is a Windows filesystem-level encryption feature that protects files on disk, but like TDE it operates at the storage layer and does not provide column- or field-level encryption for individual database values such as credit card numbers.
• D. Data hashing is a one-way, irreversible process; a hash of a credit card number cannot be reversed to recover the original number, which violates the requirement to reuse (retrieve) the actual credit card number for transactions.

Concept tested. Field-level data encryption for sensitive database values

Reference. https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-of-data

No community discussion yet for this question.