Microsoft DP-203: Design Dynamic Data Masking for Sensitive Data Access

Learn how to design dynamic data masking in Azure Synapse Analytics dedicated SQL pool to maintain compliance and control access to sensitive data for different user groups across various regions.

Question

You are designing an Azure Synapse Analytics dedicated SQL pool.
Groups will have access to sensitive data in the pool as shown in the following table.

| Name | Enhanced access |
|---|---|
| Executives | No access to sensitive data |
| Analysts | Access to in-region sensitive data |
| Engineers | Access to all numeric sensitive data |

You have policies for the sensitive data. The policies vary by region as shown in the following table.

| Region | Data considered sensitive |
|---|---|
| RegionA | Financial, Personally Identifiable Information (PII) |
| RegionB | Financial, Personally Identifiable Information (PII), medical |
| RegionC | Financial, medical |

You have a table of patients for each region. The tables contain the following potentially sensitive columns.

| Name | Sensitive data | Description |
|---|---|---|
| CardOnFile | Financial | Debit/credit card number for charges |
| Height | Medical | Patient’s height in cm |
| ContactEmail | PII | Email address for secure communications |

You are designing dynamic data masking to maintain compliance.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statement:

  • Analysts in RegionA require dynamic data masking rules for [Patients_RegionA].
  • Engineers in RegionC require dynamic data masking rules for [Patients_RegionA], [Height].
  • Engineers in RegionB require dynamic data masking rules for [Patients_RegionB], [Height].

Answer

  • Analysts in RegionA require dynamic data masking rules for [Patients_RegionA]: Yes
  • Engineers in RegionC require dynamic data masking rules for [Patients_RegionA], [Height]: No
  • Engineers in RegionB require dynamic data masking rules for [Patients_RegionB], [Height]: No

Explanation

Yes – Analysts in RegionA require dynamic data masking rules for [Patients_RegionA].
Explanation: According to the given information, analysts have access to in-region sensitive data. In RegionA, financial data and Personally Identifiable Information (PII) are considered sensitive. The [Patients_RegionA] table contains the [CardOnFile] column, which is financial data, and the [ContactEmail] column, which is PII. Therefore, dynamic data masking rules should be applied to these columns for analysts in RegionA to maintain compliance.

No – Engineers in RegionC do not require dynamic data masking rules for [Patients_RegionA], [Height].
Explanation: Engineers have access to all numeric sensitive data. In the [Patients_RegionA] table, the [Height] column contains medical data, which is not considered sensitive in RegionC. Therefore, engineers in RegionC do not require dynamic data masking rules for the [Height] column in the [Patients_RegionA] table.

No – Engineers in RegionB do not require dynamic data masking rules for [Patients_RegionB], [Height].
Explanation: In RegionB, medical data is considered sensitive. However, engineers have access to all numeric sensitive data. The [Height] column in the [Patients_RegionB] table contains medical data, but it is numeric. Therefore, engineers in RegionB do not require dynamic data masking rules for the [Height] column in the [Patients_RegionB] table.

In summary, when designing dynamic data masking in Azure Synapse Analytics dedicated SQL pool, it is crucial to consider the sensitivity of data in each region and the access levels granted to different user groups. This ensures that sensitive data remains protected while allowing authorized users to access the information they need to perform their tasks.
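The RegionB case above, written out as T-SQL. This is an added example, not part of the original question or its answer key: the role names, the dbo schema, the string type of CardOnFile, the choice of masking functions, and the availability of column-level UNMASK in the target pool are all assumptions. It shows that a mask is defined once per column, and that who sees real values is controlled by UNMASK grants.

```sql
-- Added example. Table and column names come from the question;
-- role names, schema and masking functions are assumptions.

-- One database role per group (hypothetical names).
CREATE ROLE Executives;
CREATE ROLE Analysts_RegionB;
CREATE ROLE Engineers;

-- RegionB classifies financial, PII and medical data as sensitive,
-- so every potentially sensitive column in its patient table gets a mask.
-- partial() needs a string column; CardOnFile is assumed to be varchar.
ALTER TABLE dbo.Patients_RegionB
    ALTER COLUMN CardOnFile ADD MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)');
ALTER TABLE dbo.Patients_RegionB
    ALTER COLUMN ContactEmail ADD MASKED WITH (FUNCTION = 'email()');
ALTER TABLE dbo.Patients_RegionB
    ALTER COLUMN Height ADD MASKED WITH (FUNCTION = 'default()');

-- All three groups may query the table. Without UNMASK they get masked output.
GRANT SELECT ON dbo.Patients_RegionB TO Executives;
GRANT SELECT ON dbo.Patients_RegionB TO Analysts_RegionB;
GRANT SELECT ON dbo.Patients_RegionB TO Engineers;

-- Executives: no access to sensitive data, so no UNMASK grant at all.

-- Analysts: in-region sensitive data, so UNMASK on the whole RegionB table.
GRANT UNMASK ON dbo.Patients_RegionB TO Analysts_RegionB;

-- Engineers: numeric sensitive data only, so column-level UNMASK on Height.
-- CardOnFile and ContactEmail stay masked for this role.
GRANT UNMASK ON dbo.Patients_RegionB(Height) TO Engineers;

-- Review step: list which columns are masked and with which function.
SELECT t.name AS table_name,
       c.name AS column_name,
       c.masking_function
FROM sys.masked_columns AS c
JOIN sys.tables AS t
    ON c.object_id = t.object_id
WHERE c.is_masked = 1
ORDER BY t.name, c.name;
```

Masking changes only what a query returns; the stored values are unchanged, so SELECT and UNMASK grants should be reviewed together when auditing who can reach the underlying data.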
