Discover how to safeguard sensitive data in your Azure SQL database by configuring Always Encrypted. Ensure data privacy and security with this comprehensive solution.
Question
Your company has an Azure SQL database. The database contains sensitive data. You want to prevent sensitive data from appearing as plain text inside the database system. What would be your course of action?
A. Configure Dynamic Data Masking (DDM).
B. Enable Advanced Data Security (ADS).
C. Configure Always Encrypted.
D. Enable Transparent Data Encryption (TDE).
Answer
C. Configure Always Encrypted.
Explanation
Always Encrypted is a feature of Azure SQL Database that allows you to encrypt sensitive data inside the database system, so that it is not exposed as plain text to anyone who does not have the encryption key, including the database administrators, Azure operators, or hackers. Always Encrypted protects the data in transit, at rest, and in use, by encrypting it on the client side before sending it to the database, and decrypting it only when it is queried by an authorized application.
Dynamic Data Masking (DDM) is a feature of Azure SQL Database that allows you to obfuscate sensitive data in the result sets of queries, by applying masks to certain columns. DDM does not encrypt the data in the database, and it can be bypassed by users who have high privileges or know the underlying structure of the database.
Advanced Data Security (ADS) is a feature of Azure SQL Database that provides a set of security capabilities, such as vulnerability assessment, advanced threat protection, and data discovery and classification. ADS does not encrypt the data in the database, but rather helps you identify and mitigate potential security risks.
Transparent Data Encryption (TDE) is a feature of Azure SQL Database that encrypts the data and log files at rest, by using a symmetric key that is stored in the database boot record. TDE does not protect the data in transit or in use, and it does not prevent unauthorized access to the data by users who have access to the database.
Therefore, to prevent sensitive data from appearing as plain text inside the database system, you should configure Always Encrypted.
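The difference between the options is visible in the column definitions and in the catalog views. The following T-SQL is an added example, not part of the original question: the table `dbo.Patients` and the key name `CEK_Demo` are hypothetical, and the column encryption key is assumed to have been provisioned already (for example with the SSMS Always Encrypted wizard).

```sql
-- Added example. Assumes a column encryption key named CEK_Demo (hypothetical)
-- already exists in the database, protected by a column master key held
-- outside the database (e.g. in Azure Key Vault).

CREATE TABLE dbo.Patients (
    PatientId INT IDENTITY(1,1) PRIMARY KEY,

    -- DDM: the value is stored as plain text. The mask is applied only to
    -- query results returned to users without the UNMASK permission.
    Email NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,

    -- Always Encrypted: the client driver encrypts the value before it is sent,
    -- so the database engine stores and processes only ciphertext.
    -- Deterministic encryption on character columns requires a BIN2 collation.
    SSN CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Demo,
            ENCRYPTION_TYPE = DETERMINISTIC,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
        ) NOT NULL
);

-- Audit: which columns are only masked, and which are actually encrypted?
SELECT
    t.name                  AS table_name,
    c.name                  AS column_name,
    c.is_masked,                              -- 1 = DDM mask defined
    c.encryption_type_desc,                   -- NULL = not Always Encrypted
    cek.name                AS column_encryption_key
FROM sys.columns AS c
JOIN sys.tables  AS t
    ON t.object_id = c.object_id
LEFT JOIN sys.column_encryption_keys AS cek
    ON cek.column_encryption_key_id = c.column_encryption_key_id
WHERE t.name = N'Patients';

-- TDE is a database-level setting (encryption at rest only), reported here:
SELECT name, is_encrypted
FROM sys.databases
WHERE name = DB_NAME();
```

In the audit output, `Email` shows `is_masked = 1` with a NULL `encryption_type_desc`, while `SSN` shows `DETERMINISTIC`; only the latter is unreadable to someone querying the database without the column master key.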
Microsoft Certified Azure Security Engineer Associate AZ-500 certification exam assessment practice question and answer (Q&A) dump, including multiple choice questions (MCQ) and objective type questions, with detailed explanations and references available free, helpful for passing the Microsoft Certified Azure Security Engineer Associate AZ-500 exam and earning the certification.