SOL-C01 Question #58: Real Exam Question with Answer & Explanation

Question

You are working with a table named 'EMPLOYEES in the 'PUBLIC' schema of the 'COMPANY DATA' database. The table contains sensitive Personally Identifiable Information (PII). You need to implement Dynamic Data Masking to protect the 'EMAIL' and 'SALARY columns, ensuring that only users with the 'DATA ADMIN' role can view the actual values, while others see masked values for 'EMAIL' and a fixed value of '$' for 'SALARY'. Which of the following steps are required to achieve this? (Select all that apply)

Options

• ACreate a masking policy for the 'EMAIL' column that uses the 'MASK function and applies it to the
• BCreate a masking policy for the `EMAIL' column that uses the 'MASK' function with a condition to
• CCreate a masking policy for the `SALARY column that always returns '$' and applies it to the
• DCreate a masking policy for the 'SALARY column that uses the 'MASK function with a condition to
• EGrant the 'APPLY MASKING POLICY privilege to the DATA ADMINS role.

Explanation

To achieve Dynamic Data Masking with role-based access, you need to: Create a masking policy for 'EMAIL' that masks the data unless the user has the role (Option B). Create a masking policy for 'SALARY' that returns '$' for non-SDATA_ADMIN' users and shows the actual salary for users (Option D). Option A is incorrect because it does not include the role-based condition. Option C is incomplete; it masks for all users, including DATA_ADMIN. Option E is not necessary since the DATA_ADMIN role doesn't need the APPLY MASKING POLICY, the ownership of the policy enables the admin to view the unmasked data.

No community discussion yet for this question.