AZ-500 Question #259: Real Exam Question with Answer & Explanation

Question

Your company has an Azure SQL database. The database also consists of sensitive data. You want the prevent sensitive data from appearing as plain text inside the database system. What would be your step of action?

Options

• AConfigure Dynamic Data Masking (DDM).
• BEnable Advanced Data Security (ADS).
• CConfigure Always Encrypted.
• DEnable Transparent Data Encryption (TDE).

Explanation

To prevent sensitive data from appearing as plain text within an Azure SQL database system, you must configure Always Encrypted.

Common mistakes.

• A. Dynamic Data Masking (DDM) obscures sensitive data in query results for non-privileged users, but the data is still stored as plain text in the database.
• B. Advanced Data Security (ADS) is a suite of features including vulnerability assessment and threat detection, but it doesn't directly prevent sensitive data from being stored as plain text within the database.
• D. Transparent Data Encryption (TDE) encrypts the entire database's data files at rest, but the data is decrypted in memory for processing by the database engine, meaning it can be exposed as plain text within the database system itself.

Concept tested. Azure SQL Database client-side data encryption

Reference. https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-with-secure-enclaves-overview

No community discussion yet for this question.