AZ-500: Protecting Sensitive Data in Azure SQL: A Step-by-Step Guide

Discover how to safeguard sensitive data in your Azure SQL database by configuring Always Encrypted. Ensure data privacy and security with this comprehensive solution.

Question

Your company has an Azure SQL database that contains sensitive data. You want to prevent the sensitive data from appearing as plain text inside the database system. What should your course of action be?

A. Configure Dynamic Data Masking (DDM).
B. Enable Advanced Data Security (ADS).
C. Configure Always Encrypted.
D. Enable Transparent Data Encryption (TDE).

Answer

C. Configure Always Encrypted.

Explanation

Always Encrypted is a feature of Azure SQL Database that allows you to encrypt sensitive data inside the database system, so that it is not exposed as plain text to anyone who does not have the encryption key, including the database administrators, Azure operators, or hackers. Always Encrypted protects the data in transit, at rest, and in use, by encrypting it on the client side before sending it to the database, and decrypting it only when it is queried by an authorized application.

Dynamic Data Masking (DDM) is a feature of Azure SQL Database that allows you to obfuscate sensitive data in the result sets of queries, by applying masks to certain columns. DDM does not encrypt the data in the database, and it can be bypassed by users who have high privileges or know the underlying structure of the database.

Advanced Data Security (ADS) is a feature of Azure SQL Database that provides a set of security capabilities, such as vulnerability assessment, advanced threat protection, and data discovery and classification. ADS does not encrypt the data in the database, but rather helps you identify and mitigate potential security risks.

Transparent Data Encryption (TDE) is a feature of Azure SQL Database that encrypts the data and log files at rest, by using a symmetric key that is stored in the database boot record. TDE does not protect the data in transit or in use, and it does not prevent unauthorized access to the data by users who have access to the database.

Therefore, to prevent sensitive data from appearing as plain text inside the database system, you should configure Always Encrypted.
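The difference between Always Encrypted, DDM and TDE shows up directly in the schema and catalog views. The T-SQL below is an added example, not part of the original question: the table `dbo.Patients`, its columns and the column encryption key name `CEK_Auto1` are hypothetical, and the key is assumed to have been provisioned already (for example with SSMS or PowerShell).

```sql
-- Assumption: a column encryption key named CEK_Auto1 (hypothetical name)
-- already exists in this database.

CREATE TABLE dbo.Patients (
    PatientId INT IDENTITY(1,1) PRIMARY KEY,

    -- Always Encrypted: the client driver encrypts the value before it is sent,
    -- so the database engine only ever stores and processes ciphertext.
    -- Deterministic encryption on character columns requires a BIN2 collation.
    SSN CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Auto1,
            ENCRYPTION_TYPE = DETERMINISTIC,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
        ) NOT NULL,

    -- Dynamic Data Masking: the value is stored as plain text and is only
    -- masked in query results for users without the UNMASK permission.
    Email NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NULL
);

-- Audit check: which columns are really encrypted, and which are only masked?
-- encryption_type_desc is NULL for columns that are not Always Encrypted.
SELECT c.name                 AS column_name,
       c.encryption_type_desc AS always_encrypted_type,
       cek.name               AS column_encryption_key,
       c.is_masked            AS ddm_masked
FROM sys.columns AS c
LEFT JOIN sys.column_encryption_keys AS cek
       ON cek.column_encryption_key_id = c.column_encryption_key_id
WHERE c.object_id = OBJECT_ID(N'dbo.Patients');

-- TDE is a database-level setting: it encrypts data and log files at rest,
-- but queries still return plain text to anyone with access to the database.
SELECT name, is_encrypted AS tde_enabled
FROM sys.databases
WHERE name = DB_NAME();
```

Reading or writing `SSN` in plain text requires a client connection with `Column Encryption Setting=Enabled`, parameterized queries, and access to the column master key; a session without these sees only ciphertext for that column.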
