You manage a Microsoft SQL Server environment. You plan to encrypt data when you create backups. You need to configure the encryption options for backups. What should you configure?
Suggested Answer:D🗳️
To encrypt during backup, you must specify an encryption algorithm, and an encryptor to secure the encryption key. The following are the supported encryption options: Encryption Algorithm: The supported encryption algorithms are: AES 128, AES 192, AES 256, and Triple DES Encryptor: A certificate or asymmetric Key References: https://docs.microsoft.com/en-us/sql/relational-databases/backup-restore/backup-encryption
When creating an excypted backup you need to specify the encryption algorithm and the encrytor.
The encryption algorithm (the make of the "lock") will be used to encryt the backup (this will be symmetrical encryption).
The "encryptor" is either an asymmetic key or a certificate (which is a package for an asymmetic key). This is used to encrypt the symmetrical key that SQL Server generates for when taking the backup.
The anwser is A, a certificate to be used as the "encryptor".
It is not MD5 hash, as this would be a piece of data that's been encrypted/hashed.
And it's not a DES or AES 256-bit key as these are symmetrical encryption KEYS. They are not algorithms (make of "lock") to be used for the encryption, but the "key". And you can't use a symmetrical key for the "encryptor", it MUST to be an asymmetic key, that's how public key encryption operates
Brief overview of Public Key Encryption. Asymmetical encryption is expensive and weaker than symmetical encryption. But as it has 2 keys, a public / private pair, so it's safe to exchange the Public keys. Symmetical has a single key, so it's harder to safely pass this around. So to encrypt anything, a single use symmetical key gets generated and the clear text gets encrypted with it. This key is then encrypted using the Asymmetical Public key. Then you send the both to the receipient, who should have the Asymmetical Private key. Then decrypt the symmetical key and then use that to decrypt the actual payload.
I believe TheSwedishGuy is correct. AES 256 is generally the recommended encryption method for storage. Yes, the certificate key can be used as the encryptor/decryptor. But it is not necessarily recommended, because you can also use another asymmetric key. There are other strong options available. The certificate key or asymmetric key is used when converting the data to AES 256, which is the recommended encryption for storage.
https://docs.microsoft.com/en-us/sql/relational-databases/backup-restore/backup-encryption?view=sql-server-ver15#:~:text=You%20can%20encrypt%20a%20backup,to%20use%20for%20the%20encryption.
AES is a symmetrical algorithm, but SQL Server will generate it's own symmetrical key to use when generating the backup. It will then use the public key of the provided asymmetrical key or certificate to encrypt the symmetrical key.
I think the answer is "A". An "AES_256"-key would be an symmetric key which cannot be used for backup-encryption. Its rather an AES_256-algorithm with a certificate as encryptor.
An AES 256-bit key is the strongest available AES-encryption key. The "DES" answer to this question is not correct, since the available options are "AES_128 | AES_192 | AES_256 | TRIPLE_DES_3KEY".
Source: https://docs.microsoft.com/en-us/sql/t-sql/statements/backup-transact-sql?view=sql-server-ver15
Confusing the concept of key and algorithm.
You need to specify the (symmetrical) encryption algorithm, and then an asymmetrical key (or certificate which is a package for an asymmetrical key)
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.70-764 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Hoglet
4 years, 5 months agoHoglet
4 years, 5 months agoKC
4 years, 10 months agoHoglet
4 years, 5 months agoMelKr
5 years, 1 month agoHoglet
4 years, 5 months agoTheSwedishGuy
5 years, 5 months agoHoglet
4 years, 5 months ago