CDPSE · Question #295
Which of the following is the BEST way to prevent dangerous SQL write statements from being executed on data?
The correct answer is D. Create a read-only data warehouse.. A read-only data warehouse prevents SQL write statements architecturally by design, making it the strongest control against dangerous write operations on data.
Question
Which of the following is the BEST way to prevent dangerous SQL write statements from being executed on data?
Options
- ARestrict access to row-specific data.
- BCreate encrypted versions of the data.
- CExclude access to specific tables or columns of data.
- DCreate a read-only data warehouse.
How the community answered
(40 responses)- A5% (2)
- B15% (6)
- C3% (1)
- D78% (31)
Why each option
A read-only data warehouse prevents SQL write statements architecturally by design, making it the strongest control against dangerous write operations on data.
Row-level security restricts which rows a user can see or access, but does not prevent write statements on the rows that are accessible.
Encryption protects data confidentiality in transit and at rest, but does not restrict the ability to execute write statements against the database.
Excluding access to specific tables or columns limits the scope of accessible data, but write statements can still be executed against the tables and columns that remain accessible.
A read-only data warehouse is configured to disallow INSERT, UPDATE, and DELETE operations at the database or connection level, meaning no SQL write statement can be executed regardless of user permissions or application vulnerabilities. This is an architectural control that eliminates the attack surface for destructive write operations entirely. Other controls reduce scope but do not prevent writes on the data they do allow access to.
Concept tested: Preventing SQL write operations via read-only architecture
Source: https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/data-load-overview
Topics
Community Discussion
No community discussion yet for this question.