70-465 Question #74: Real Exam Question with Answer & Explanation

Question

You need to recommend a solution to ensure that USP_4 adheres to the security requirements. What should you include in the recommendation?

Options

• AEnable SQL Server Audit.
• BEnable trace flags.
• CConfigure data manipulation language (DML) triggers.
• DEnable C2 audit tracing.

Explanation

To meet security auditing requirements for a stored procedure, SQL Server Audit provides the native, policy-based mechanism for tracking and logging database activity.

Common mistakes.

• B. Trace flags are used to alter SQL Server engine behavior or enable diagnostic features globally, not to capture or log security-relevant user activity for auditing purposes.
• C. DML triggers fire in response to INSERT, UPDATE, or DELETE statements and can enforce business logic, but they are not a security auditing mechanism and do not provide a reliable, tamper-resistant audit trail as required by security policies.
• D. C2 audit tracing is a deprecated feature that logs all database activity to a file but is not recommended for modern SQL Server deployments because it can fill the disk and halt the server; SQL Server Audit is the supported replacement.

Concept tested. SQL Server Audit for stored procedure security compliance

Reference. https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-database-engine

No community discussion yet for this question.