ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 4 question 40 discussion

Actual exam question from Microsoft's SC-100
Question #: 40
Topic #: 4
[All SC-100 Questions]

You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1.

You plan to migrate DB1 to Azure.

You need to recommend an encrypted Azure database solution that meets the following requirements:

• Minimizes the risks of malware that uses elevated privileges to access sensitive data
• Prevents database administrators from accessing sensitive data
• Enables pattern matching for server-side database operations
• Supports Microsoft Azure Attestation
• Uses hardware-based encryption

What should you include in the recommendation?

  • A. SQL Server on Azure Virtual Machines with virtualization-based security (VBS) enclaves
  • B. Azure SQL Database with virtualization-based security (VBS) enclaves
  • C. Azure SQL Managed Instance that has Always Encrypted configured
  • D. Azure SQL Database with Intel Software Guard Extensions (Intel SGX) enclaves
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Mick2024 at Jan. 31, 2025, 6:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RoboCock
2 months ago
Selected Answer: D
To meet these requirements, I recommend using Azure SQL Database with Intel Software Guard Extensions (Intel SGX) enclaves. This solution provides hardware-based encryption and supports Microsoft Azure Attestation. It also enables secure enclaves for server-side operations, such as pattern matching, while ensuring that sensitive data remains inaccessible to database administrators. https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/configure-always-encrypted-enclaves?view=sql-server-ver16&viewFallbackFrom=azuresql
upvoted 1 times
...
sweetykaur
3 months, 4 weeks ago
Selected Answer: D
C. Azure SQL Managed Instance that has Always Encrypted configured Here's why: Minimizes the risks of malware: Always Encrypted ensures that sensitive data is encrypted both in transit and at rest, reducing the risk of unauthorized access. Prevents database administrators from accessing sensitive data: With Always Encrypted, even database administrators cannot access the plaintext data. Enables pattern matching for server-side database operations: Always Encrypted with secure enclaves supports rich queries, including pattern matching. Supports Microsoft Azure Attestation: Azure SQL Managed Instance supports Always Encrypted with secure enclaves, which can be attested using Microsoft Azure Attestation. Uses hardware-based encryption: Always Encrypted can use Intel Software Guard Extensions (Intel SGX) for hardware-based encryption
upvoted 1 times
Collecting
3 months, 2 weeks ago
WRONG Azure SQL Managed Instance with Always Encrypted Does not support pattern matching on encrypted data (only client-side decryption).
upvoted 1 times
...
...
Ali96
4 months ago
Selected Answer: D
D. Azure SQL Database with Intel Software Guard Extensions (Intel SGX) enclaves
upvoted 1 times
...
Mick2024
4 months ago
Selected Answer: D
Wasn't familiar with this one before but it looks correct. https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-enclaves-plan?view=azuresql
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel