ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-203 All Questions

View all questions & answers for the AZ-203 exam
Go to Exam

Exam AZ-203 topic 4 question 8 discussion

Actual exam question from Microsoft's AZ-203
Question #: 8
Topic #: 4
[All AZ-203 Questions]

DRAG DROP -
You maintain an existing Azure SQL Database instance. Management of the database is performed by an external party. All cryptographic keys are stored in an
Azure Key Vault.
You must ensure that the external party cannot access the data in the SSN column of the Person table.
Will each protection method meet the requirement? To answer, drag the appropriate responses to the correct protection methods. Each response may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer: Explanation
Box 1: Yes -
You can configure Always Encrypted for individual database columns containing your sensitive data. When setting up encryption for a column, you specify the information about the encryption algorithm and cryptographic keys used to protect the data in the column.

Box 2: No -

Box 3: Yes -
In SQL Database, the VIEW permissions are not granted by default to the public fixed database role. This enables certain existing, legacy tools (using older versions of DacFx) to work properly. Consequently, to work with encrypted columns (even if not decrypting them) a database administrator must explicitly grant the two VIEW permissions.

Box 4: No -
All cryptographic keys are stored in an Azure Key Vault.
References:
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine
by heero at Feb. 24, 2020, 4:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Daltonic75
Highly Voted 5 years, 3 months ago
Same question in https://www.examtopics.com/exams/microsoft/az-300/view/31/ But different answers. Check discussion in that URL.
upvoted 14 times
babu789
4 years, 11 months ago
@daltonic75 you are awesome.
upvoted 3 times
...
...
saeza100
Highly Voted 5 years ago
All of them "No" , we have "always Encrypt" but haven't "AlwaysOn Encrypt"
upvoted 8 times
Juanlu
4 years, 6 months ago
Agree. NO | NO | NO | NO
upvoted 2 times
...
Ananas
4 years, 10 months ago
Actually the solution talks about "always encrypt", that is why it is marked as "yes"
upvoted 3 times
...
...
shrusudev
Most Recent 4 years, 1 month ago
https://vceguide.com/drag-drop-666/
upvoted 1 times
...
sumaiyap86
4 years, 3 months ago
Box 4 is NO The Database Engine stores encryption configuration for each column in database metadata. Note, however, the Database Engine never stores or uses the keys of either type in plaintext. It only stores encrypted values of column encryption keys and the information about the location of column master keys, which are stored in external trusted key stores, such as Azure Key Vault, Windows Certificate Store on a client machine, or a hardware security module. https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15
upvoted 1 times
...
cbn
4 years, 4 months ago
I think the last option should be YES. "Note, however, the Database Engine never stores or uses the keys of either type in plaintext. It only stores encrypted values of column encryption keys and the information about the location of column master keys, which are stored in external trusted key stores, such as Azure Key Vault" https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15
upvoted 1 times
cbn
4 years, 4 months ago
Therefore, YES | NO | YES | YES
upvoted 1 times
...
...
funfun
4 years, 5 months ago
box 3 should be yes, according to MS, public role do not have VIEW permission by default https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15
upvoted 2 times
...
Meenusiju
4 years, 7 months ago
Box 3 is "NO" as per https://www.examtopics.com/exams/microsoft/az-300/view/31/ discussions.
upvoted 2 times
...
Daltonic75
5 years, 3 months ago
Options (same question): https://www.examtopics.com/exams/microsoft/az-300/view/31/ Or: https://www.examtopics.com/assets/media/exam-media/02758/0043800001.jpg
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel