ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-300 All Questions

View all questions & answers for the AZ-300 exam
Go to Exam

Exam AZ-300 topic 4 question 14 discussion

Actual exam question from Microsoft's AZ-300
Question #: 14
Topic #: 4
[All AZ-300 Questions]

DRAG DROP -
You maintain an existing Azure SQL Database instance. Management of the database is performed by an external party. All cryptographic keys are stored in an
Azure Key Vault.
You must ensure that the external party cannot access the data in the SSN column of the Person Table.
Will each protection method meet the requirement? To answer, drag the appropriate responses to the correct protection methods.
Each response may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
References:
https://docs.microsoft.com/en-us/azure/security/azure-database-security-overview
by Serena_C at Feb. 16, 2020, 2:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Happiman
Highly Voted 5 years, 2 months ago
YES/NO/NO/NO
upvoted 14 times
...
Daltonic75
Highly Voted 5 years, 2 months ago
Same question but different answer in https://www.examtopics.com/exams/microsoft/az-203/view/15/
upvoted 8 times
Gjferweb
5 years, 2 months ago
agree with that Yes No Yes NO https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15 In SQL Database, the VIEW permissions aren't granted by default to the public fixed database role. This enables certain existing, legacy tools (using older versions of DacFx) to work properly. Consequently, to work with encrypted columns (even if not decrypting them) a database administrator must explicitly grant the two VIEW permissions.
upvoted 4 times
pieixoto
5 years, 1 month ago
You are correct but I am thinking each answer must be a correct solution. If you assign the public fixed data base role, you cannot just assume the column was encrypted. Therefore the only answer that presents a correct solution to the question is always encrypted setting.
upvoted 2 times
...
...
...
azurehunter
Most Recent 4 years, 6 months ago
IMO, answer is N, N, N, Y. "AlwaysOn Encryption" not exists. MS purposely try to confuse us. Last one is how Always Encryption to store the column encryption keys.
upvoted 1 times
...
tundervirld
4 years, 10 months ago
Will be, NO,NO,NO,NO: Explanation: Enable Always Encryption, yes is good practice and you can configure it for individual database columns containing your sensitive data, but the question says AlwaysOn Encryption, so NO. Set Column encryption to disable, will leave to see information, we don't need it, so NO. Fixed Roles is bad practice and can be able to escalate privileges, so NO. Store Column encryption in system catalog view, doesn't make sense since it is the most efficient way to obtain, transform, and present customized forms of catalog metadata information, so NO References: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15 https://docs.microsoft.com/en-us/sql/relational-databases/system-catalog-views/catalog-views-transact-sql?view=sql-server-ver15 https://docs.microsoft.com/en-us/azure/security/azure-database-security-overview
upvoted 3 times
Juanlu
4 years, 6 months ago
Agree: NO | NO | NO | NO. Same as: https://www.examtopics.com/exams/microsoft/az-203/view/15/
upvoted 1 times
altafpatel1984
3 years, 6 months ago
wrong answer. please don't misguide users.
upvoted 1 times
...
...
Sathian
4 years, 7 months ago
4 should be yes, the column keys are stored in the catalogue views https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/overview-of-key-management-for-always-encrypted?view=sql-server-ver15
upvoted 2 times
altafpatel1984
3 years, 6 months ago
wrong answer. please don't misguide users.
upvoted 1 times
...
...
altafpatel1984
3 years, 6 months ago
wrong answer. please don't misguide users.
upvoted 1 times
...
...
JeeBi
4 years, 10 months ago
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15 "You can configure Always Encrypted for individual database columns containing your sensitive data." So this should indeed work.
upvoted 1 times
...
Prash85
4 years, 11 months ago
Always On Encryption is just a typo... So answer is Y N N N
upvoted 7 times
...
dwild
4 years, 12 months ago
Always Encrypted != AlwaysON... so NO,NO,NO
upvoted 3 times
...
AnshMan
5 years ago
Yes, No, Yes, NO https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15 https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/overview-of-key-management-for-always-encrypted?view=sql-server-ver15
upvoted 1 times
...
milind8451
5 years, 1 month ago
Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. So it should be "Always Encrypted" instead of "Always on Encryption". I think its a ttypo.
upvoted 1 times
...
qr
5 years, 3 months ago
AlwaysOn dosent exist... Always Encrypted does... All No.
upvoted 2 times
...
Syd
5 years, 3 months ago
Correct. Answer no,no,no,no Alwayson is for high availability and disaster recovery solution introduced when SQL Server 2012 was launched and above versions.
upvoted 2 times
jcarlos
5 years, 3 months ago
Completely agree unless there is typo in the answer and they mean always encrypted (there is no such thing AlwaysOn Encryption). If there is an error in the wording then it would be yes-no-no-no
upvoted 11 times
qr
5 years, 3 months ago
yep, or a trap for alwayson availability groups? if a trap, kinda lame
upvoted 1 times
tartar
4 years, 8 months ago
Y N N N
upvoted 3 times
...
...
zhifu
4 years, 11 months ago
there is no such thing AlwaysOn Encryption.... you are right
upvoted 1 times
...
...
Andy001
5 years, 3 months ago
This is certainly a typo in the question. It should be "Always encrypted" https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15
upvoted 11 times
praveen97
4 years, 10 months ago
Agree with Andy001. It should be Always Encrypted.
upvoted 1 times
...
...
AnilV
5 years, 1 month ago
it should be always encrypted
upvoted 3 times
...
morpjo
4 years, 8 months ago
That AlwaysOn for HA/DR..... is Always on Availability Group.
upvoted 1 times
...
...
Serena_C
5 years, 3 months ago
I think this should be cell-level encryption, according to MS doc below, Cell-level encryption is available to encrypt specific columns or even cells of data with different encryption keys. https://docs.microsoft.com/en-us/azure/security/fundamentals/database-security-overview
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel