70-473 · Question #76
Your company has a data warehouse that contains a database named DB1. You plan to implement data encryption for DB1. You need to configure DB1 to meet the following requirements: - Prevent the system
The correct answer is B. Back up DB1 by using VSS snapshots. C. Implement the Always Encrypted feature.. To protect Personally Identifiable Information (PII) from system administrators and ensure comprehensive backup and recovery, implement Always Encrypted and utilize VSS snapshots for consistent backups.
Question
Options
- AEncrypt within the application tier.
- BBack up DB1 by using VSS snapshots.
- CImplement the Always Encrypted feature.
- DBack up DB1 to a disk and a URL by using Mirror TO.
- EEncrypt within DB1 by using EncryptBypassword.
How the community answered
(47 responses)- A17% (8)
- B68% (32)
- D4% (2)
- E11% (5)
Why each option
To protect Personally Identifiable Information (PII) from system administrators and ensure comprehensive backup and recovery, implement Always Encrypted and utilize VSS snapshots for consistent backups.
Encrypting within the application tier is a generic concept; Always Encrypted (option C) is the specific SQL Server feature that implements this securely for PII.
VSS snapshots enable consistent point-in-time backups of the database files, which can be stored on-premises and subsequently managed for remote storage and retention requirements.
Always Encrypted provides client-side encryption, ensuring that sensitive data is encrypted before it ever reaches the database server, thus preventing administrators from accessing it in plaintext and ensuring encrypted backups.
`MIRROR TO` is used for log shipping or creating redundant backup sets, not for simultaneous backup to disk and URL in SQL Server 2012 in the context implied, and it's not a primary backup mechanism for consistency like VSS.
`EncryptBypassword` is not a valid SQL Server feature for database encryption; Transparent Data Encryption (TDE) is available but does not prevent sysadmins from reading data if they have control over the server keys.
Concept tested: SQL Server data encryption and backup strategies
Source: https://learn.microsoft.com/sql/relational-databases/security/always-encrypted-database-engine
Topics
Community Discussion
No community discussion yet for this question.