70-473 · Question #64
You need to implement a solution to meet the technical requirements for the encryption of the data in Appl. Which two features should you enable? Each correct answer presents pan of the solution. NOTE
The correct answer is A. Storage Account Encryption D. Transparent Data Encryption (TDE). To provide comprehensive encryption for application data, both Transparent Data Encryption (TDE) for the database itself and Storage Account Encryption for the underlying storage are essential layers of protection.
Question
Options
- AStorage Account Encryption
- BAzure Key Vault
- CDynamic Data Masking
- DTransparent Data Encryption (TDE)
How the community answered
(28 responses)- A82% (23)
- B7% (2)
- C11% (3)
Why each option
To provide comprehensive encryption for application data, both Transparent Data Encryption (TDE) for the database itself and Storage Account Encryption for the underlying storage are essential layers of protection.
Storage Account Encryption ensures that all data stored in Azure Storage accounts, including blobs, files, queues, and tables, is encrypted at rest automatically, providing a foundational layer of data protection for the application's persisted data.
Azure Key Vault is a service for managing encryption keys and secrets, not for encrypting data itself; it can be used *with* encryption features but doesn't perform the data encryption.
Dynamic Data Masking is a security feature that limits sensitive data exposure by masking it for non-privileged users without altering the data in the database, which is not a data encryption method.
Transparent Data Encryption (TDE) encrypts the entire database, including its data and log files, at rest, protecting sensitive information stored within the database without requiring changes to the application itself.
Concept tested: Database and storage data at rest encryption
Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-at-rest
Topics
Community Discussion
No community discussion yet for this question.