Exam AZ-203 topic 8 question 5 discussion

Actual exam question from Microsoft's AZ-203
Question #: 5
Topic #: 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that the SecurityPin security requirements are met.
Solution: Configure the web application to connect to the database using the WebAppIdentity security principal. Using the Azure Portal, add Data Masking to the SecurityPin column and exclude the WebAppIdentity service principal.
Does the solution meet the goal?

  • A. Yes
  • B. No
Suggested Answer: A
Scenario: Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
All certificates and secrets used to secure data must be stored in Azure Key Vault.

Comments

shanky_007
Highly Voted 5 years, 6 months ago
Correct Ans: B. No
upvoted 31 times
chaudh
Highly Voted 4 years, 11 months ago
It's B. The below will violate the requirement "The web application is the only system that should have access to SecurityPins." Users with administrator privileges are always excluded from masking, and see the original data without any mask. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview#dynamic-data-masking-policy
upvoted 13 times
Cornholioz
4 years, 6 months ago
The decision should be around whether or not Data Masking is a solution. The exclude is for Data Masking so that WebAppIdentity CAN see it while it is masked for others. So Exclude is not the problem here. AKV vs Data Masking is. AKV is a requirement. SecurityPins is considered secret and hence applies to the requirement that it should be stored in AKV and not in the database alone. Unless, SecurityPins is just another column in the database... in which case, every value in that table cannot/shouldn't be stored in the AKV. But I might be overthinking the AKV portion... so for those reasons, I'm out ;)... I mean I'll choose No.
upvoted 3 times
Zsolt72
Most Recent 4 years, 3 months ago
My problem with this is that the admin can access the PIN because he is always excluded. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-configure-portal (see section 4). With the masking, the app and the admin can access the data. If only the app should, then B is correct.
upvoted 1 times
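
The masking behaviour that chaudh and Zsolt72 refer to can be checked directly in T-SQL. This is an added example, not part of the original discussion: the table dbo.Users, the users ReportReader and DbAdmin, and the sample row are constructed, and WITHOUT LOGIN users stand in for the real principals.

```sql
-- Added example. Only SecurityPin and WebAppIdentity come from the question;
-- dbo.Users, ReportReader, DbAdmin and the sample row are constructed.
CREATE TABLE dbo.Users (
    UserId      INT IDENTITY PRIMARY KEY,
    UserName    NVARCHAR(100) NOT NULL,
    SecurityPin CHAR(4) MASKED WITH (FUNCTION = 'default()') NOT NULL
);
INSERT INTO dbo.Users (UserName, SecurityPin) VALUES (N'alice', '4821');

-- WITHOUT LOGIN users stand in for the real principals in this demo.
CREATE USER WebAppIdentity WITHOUT LOGIN;
CREATE USER ReportReader   WITHOUT LOGIN;
CREATE USER DbAdmin        WITHOUT LOGIN;
GRANT SELECT ON dbo.Users TO WebAppIdentity;
GRANT SELECT ON dbo.Users TO ReportReader;
GRANT UNMASK TO WebAppIdentity;          -- the "exclude from masking" step
ALTER ROLE db_owner ADD MEMBER DbAdmin;  -- never granted UNMASK explicitly

-- Ordinary reader: the SELECT succeeds and the column comes back masked.
EXECUTE AS USER = 'ReportReader';
SELECT UserName, SecurityPin FROM dbo.Users;
REVERT;

-- Excluded principal: sees the stored value.
EXECUTE AS USER = 'WebAppIdentity';
SELECT UserName, SecurityPin FROM dbo.Users;
REVERT;

-- db_owner member: also sees the stored value. Masking only rewrites query
-- results; db_owner holds CONTROL on the database, which covers UNMASK.
EXECUTE AS USER = 'DbAdmin';
SELECT UserName, SecurityPin FROM dbo.Users;
REVERT;

-- Audit: which columns are masked, and which principals bypass the mask.
SELECT OBJECT_NAME(object_id) AS table_name, name AS column_name, masking_function
FROM sys.masked_columns;

SELECT pr.name AS principal_name, pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name IN ('UNMASK', 'CONTROL');

SELECT m.name AS db_owner_member
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner';
```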
cbn
4 years, 4 months ago
I think the given answer is correct. Requirement is 'if' any secrets/certificates are used, then to store those in KV. This solution does not need KV access, and is a valid solution.
upvoted 1 times
Mvii
5 years, 1 month ago
No need for AKV. MSI is enabled for app - service/security principal. Looks like answer is correct.
upvoted 5 times
Mvii
5 years, 1 month ago
Ignore this. AKV is a requirement.
upvoted 3 times
Regimiento
5 years, 6 months ago
This solution does not use Key Vault, so in my opinion it does not meet the requirements: All certificates and secrets used to secure data must be stored in Azure Key Vault.
upvoted 9 times
[Removed]
5 years, 1 month ago
But in this solution, we are not using any secret to be stored on AKV. So I think the answer is correct. The solution will work for the case.
upvoted 5 times