Exam DP-300 topic 2 question 41 discussion

Actual exam question from Microsoft's DP-300
Question #: 41
Topic #: 2

DRAG DROP

You have an Azure key vault named Vault1 and a SQL server on Azure Virtual Machines instance named SQL1. SQL1 hosts a database named DB1.

You need to configure Transparent Data Encryption (TDE) on DB1 to use a key in Vault1.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Suggested Answer:

Comments

erz
Highly Voted 1 year, 4 months ago
Provide some logic using Chat:

1. Create an Azure AD service principal and grant the service principal permissions for Vault1: This step is necessary because SQL Server on an Azure VM will use this service principal to authenticate to Azure Key Vault and use the keys within it.
2. On SQL1, create a cryptographic provider and a Microsoft SQL Server credential: This step involves configuring SQL Server to be able to use Azure Key Vault as an Extensible Key Management (EKM) provider, which includes setting up the necessary credentials for authentication.
3. On SQL1, create an asymmetric key: This will be the key from the Azure Key Vault that you will use for TDE. SQL Server will use this key to encrypt the database encryption key.
4. On SQL1, create a login from the asymmetric key: This creates a SQL Server login that is based on the asymmetric key stored in Azure Key Vault, which is necessary for the SQL Server to use that key for TDE.
upvoted 11 times
voodoo_sh
4 months ago
1. Create Azure AD service principal
2. On SQL1, create cryptographic provider and credential
3. Create asymmetric key
4. Create login from asymmetric key
upvoted 1 times
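
The sequence listed in the comments above, written out as T-SQL for SQL1. This is an added example, not part of the original discussion or of Microsoft's documentation; the provider, credential, key and login names, the administrator login, the DLL path (assumed to be the connector's default install location) and the angle-bracket values are placeholders.

```sql
-- Added example; names other than Vault1, SQL1 and DB1 are placeholders.
-- Step 1 (service principal + Vault1 permissions) is done in Azure, not in T-SQL.

USE master;
GO
-- Step 2a: enable EKM and register the SQL Server Connector as a provider.
EXEC sp_configure 'show advanced options', 1;  RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;   RECONFIGURE;
GO
CREATE CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM
FROM FILE = 'C:\Program Files\SQL Server Connector for Microsoft Azure Key Vault\Microsoft.AzureKeyVaultService.EKM.dll'; -- assumed default install path
GO
-- Step 2b: credential the administrator uses to reach Vault1.
-- SECRET = service principal client ID (hyphens removed) followed by its client secret.
CREATE CREDENTIAL sysadmin_ekm_cred
    WITH IDENTITY = 'Vault1',
         SECRET = '<client-id-without-hyphens><client-secret>'
    FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM;
ALTER LOGIN [SQL1\AdminPlaceholder] ADD CREDENTIAL sysadmin_ekm_cred;
GO
-- Step 3: asymmetric key in SQL1 that points to the existing key in Vault1.
CREATE ASYMMETRIC KEY TDE_AKV_Key
    FROM PROVIDER AzureKeyVault_EKM
    WITH PROVIDER_KEY_NAME = '<key-name-in-Vault1>',
         CREATION_DISPOSITION = OPEN_EXISTING;
GO
-- Step 4: login based on that key; the Database Engine uses it to reach Vault1.
-- The TDE login gets its own credential rather than reusing the administrator's.
CREATE CREDENTIAL tde_ekm_cred
    WITH IDENTITY = 'Vault1',
         SECRET = '<client-id-without-hyphens><client-secret>'
    FOR CRYPTOGRAPHIC PROVIDER AzureKeyVault_EKM;
CREATE LOGIN TDE_Login FROM ASYMMETRIC KEY TDE_AKV_Key;
ALTER LOGIN TDE_Login ADD CREDENTIAL tde_ekm_cred;
GO
-- After the four steps: protect DB1's encryption key with the vault key and turn TDE on.
USE DB1;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY TDE_AKV_Key;
ALTER DATABASE DB1 SET ENCRYPTION ON;
GO
-- Check: encryption_state 3 = encrypted; encryptor_type should be ASYMMETRIC KEY.
SELECT DB_NAME(database_id) AS db, encryption_state, encryptor_type
FROM sys.dm_database_encryption_keys;
```

The credential secret grants access to the vault key, so keep it out of scripts checked into source control and scope the service principal to Vault1 only.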
2f5c7cd
Most Recent 8 months, 3 weeks ago
https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/setup-steps-for-extensible-key-management-using-the-azure-key-vault?view=sql-server-ver16&tabs=portal
upvoted 1 times
bsk1983
1 year, 10 months ago
Answer looks correct: https://www.sqlservercentral.com/blogs/transparent-data-encryption-with-azure-key-vault-1
upvoted 2 times
vcloudpmp
1 year, 11 months ago
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql-mi

In order for the Azure SQL server to use TDE protector stored in AKV for encryption of the DEK, the key vault administrator needs to give the following access rights to the server using its unique Azure Active Directory (Azure AD) identity:

- get - for retrieving the public part and properties of the key in the Key Vault
- wrapKey - to be able to protect (encrypt) DEK
- unwrapKey - to be able to unprotect (decrypt) DEK
upvoted 1 times