DP-203 · Question #155
DP-203 Question #155: Real Exam Question with Answer & Explanation
The correct sequence follows the logical dependency chain for implementing customer-managed TDE: first, Server1 needs a managed identity so it can authenticate to Azure Key Vault; next, the Key Vault must be created and the managed identity granted appropriate permissions (Get, W
Question
Drag and Drop Question You have an Azure Synapse Analytics SQL pool named Pool1 on a logical Microsoft SQL server named Server1. You need to implement Transparent Data Encryption (TDE) on Pool1 by using a custom key named key1. Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:
Explanation
The correct sequence follows the logical dependency chain for implementing customer-managed TDE: first, Server1 needs a managed identity so it can authenticate to Azure Key Vault; next, the Key Vault must be created and the managed identity granted appropriate permissions (Get, WrapKey, UnwrapKey); then key1 is added to the Key Vault; key1 is designated as the TDE protector for Server1 so the server knows which key to use for encryption; and finally TDE is enabled on Pool1 to activate encryption using that protector. Each step is a prerequisite for the next - you cannot configure a TDE protector before the key exists in Key Vault, and you cannot enable TDE with a customer key before the protector is set.
Topics
Community Discussion
No community discussion yet for this question.