nerdexam
Microsoft

70-473 · Question #64

You need to implement a solution to meet the technical requirements for the encryption of the data in Appl. Which two features should you enable? Each correct answer presents pan of the solution. NOTE

The correct answer is A. Storage Account Encryption D. Transparent Data Encryption (TDE). To provide comprehensive encryption for application data, both Transparent Data Encryption (TDE) for the database itself and Storage Account Encryption for the underlying storage are essential layers of protection.

Design and implement data security

Question

You need to implement a solution to meet the technical requirements for the encryption of the data in Appl. Which two features should you enable? Each correct answer presents pan of the solution. NOTE: Each correct selection is worth one point

Options

  • AStorage Account Encryption
  • BAzure Key Vault
  • CDynamic Data Masking
  • DTransparent Data Encryption (TDE)

How the community answered

(28 responses)
  • A
    82% (23)
  • B
    7% (2)
  • C
    11% (3)

Why each option

To provide comprehensive encryption for application data, both Transparent Data Encryption (TDE) for the database itself and Storage Account Encryption for the underlying storage are essential layers of protection.

AStorage Account EncryptionCorrect

Storage Account Encryption ensures that all data stored in Azure Storage accounts, including blobs, files, queues, and tables, is encrypted at rest automatically, providing a foundational layer of data protection for the application's persisted data.

BAzure Key Vault

Azure Key Vault is a service for managing encryption keys and secrets, not for encrypting data itself; it can be used *with* encryption features but doesn't perform the data encryption.

CDynamic Data Masking

Dynamic Data Masking is a security feature that limits sensitive data exposure by masking it for non-privileged users without altering the data in the database, which is not a data encryption method.

DTransparent Data Encryption (TDE)Correct

Transparent Data Encryption (TDE) encrypts the entire database, including its data and log files, at rest, protecting sensitive information stored within the database without requiring changes to the application itself.

Concept tested: Database and storage data at rest encryption

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-at-rest

Topics

#Transparent Data Encryption (TDE)#Storage Account Encryption#data at rest encryption#Azure security

Community Discussion

No community discussion yet for this question.

Full 70-473 Practice