ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam DP-201 All Questions

View all questions & answers for the DP-201 exam
Go to Exam

Exam DP-201 topic 3 question 18 discussion

Actual exam question from Microsoft's DP-201
Question #: 18
Topic #: 3
[All DP-201 Questions]

You plan to use Azure SQL Database to support a line of business app.
You need to identify sensitive data that is stored in the database and monitor access to the data.
Which three actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Configure Data Discovery and Classification.
  • B. Implement Transparent Data Encryption (TDE).
  • C. Enable Auditing.
  • D. Run Vulnerability Assessment.
  • E. Use Advanced Threat Protection.
Show Suggested Answer Hide Answer
Suggested Answer: ACE 🗳️
A: Data Discovery & Classification is built into Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It provides advanced capabilities for discovering, classifying, labeling, and reporting the sensitive data in your databases.
C: An important aspect of the information-protection paradigm is the ability to monitor access to sensitive data. Azure SQL Auditing has been enhanced to include a new field in the audit log called data_sensitivity_information. This field logs the sensitivity classifications (labels) of the data that was returned by a query.
E: Data Discovery & Classification is part of the Advanced Data Security offering, which is a unified package for advanced Azure SQL security capabilities. You can access and manage Data Discovery & Classification via the central SQL Advanced Data Security section of the Azure portal.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/data-discovery-and-classification-overview
by epgd at March 9, 2020, 11:45 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RJ12345678
Highly Voted 5 years, 2 months ago
ACE D - is for finding the vulnerability. Question is not for finding the vulnerability but identify the sensitive data and monitor the access.
upvoted 77 times
rmk4ever
4 years, 8 months ago
Vulnerability Assessment is a scanning service built into Azure SQL Database. The service employs a knowledge base of rules that flag security vulnerabilities. It highlights deviations from best practices, such as misconfigurations, excessive permissions, and unprotected sensitive data. https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment
upvoted 2 times
...
cadio30
3 years, 11 months ago
This solution is the appropriate for the requirements.
upvoted 1 times
...
...
Nehuuu
Highly Voted 5 years, 2 months ago
correct answer - ACE , I believe
upvoted 44 times
krisspark
4 years, 9 months ago
Yes, ACE is correct Answer.. Vulnerability assessment in not fits the purpose
upvoted 8 times
...
...
AngelRio
Most Recent 3 years, 11 months ago
ACD Reference Whizlabs Course.
upvoted 3 times
...
syu31svc
4 years, 5 months ago
I would go for ACE https://docs.microsoft.com/en-us/azure/azure-sql/database/data-discovery-and-classification-overview https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview
upvoted 2 times
...
Shiva1122
4 years, 6 months ago
https://docs.microsoft.com/en-us/learn/modules/secure-your-azure-sql-database/5-monitor-your-database Data discovery & classification (currently in preview)
upvoted 3 times
WilsonShen
4 years, 5 months ago
IDENTIFY , Not Encrypt !
upvoted 1 times
...
...
jasu
4 years, 6 months ago
ACE is correct answer
upvoted 1 times
...
groy
4 years, 7 months ago
**Correct Answer** A. Enable Data Discovery and Classification C. Enable Auditing E. Use Advanced Threat Protection.
upvoted 4 times
...
AhmedReda
4 years, 10 months ago
ACE A) reporting the sensitive data in your databases + monitoring (auditing) and alerting on anomalous access to sensitive data. https://docs.microsoft.com/en-us/azure/azure-sql/database/data-discovery-and-classification-overview C) Clicking View dashboard at the top of the Audit records page will open a dashboard displaying audit logs info, where you can drill down into Security Insights, Access to Sensitive Data and more. https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview E) detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview
upvoted 7 times
...
SebK
4 years, 10 months ago
ACE: https://docs.microsoft.com/en-us/learn/modules/secure-your-azure-sql-database/5-monitor-your-database
upvoted 1 times
...
Abhilvs
4 years, 10 months ago
vulnerability assessment can't be the right choice here, Vulnerability assessment is manual check and it doesn't integrate with monitor. ACE is the best choice here.
upvoted 1 times
spiitr
4 years, 2 months ago
You can configure to perform periodic scan automatically
upvoted 1 times
spiitr
4 years, 2 months ago
However, I will also go for ACE because VA is better fit for other use-cases in context of proactive checks of unprotected sensitive data if masking is not configured etc. rather than tracking user activities like anomalous access pattern which is ATP
upvoted 1 times
...
...
...
jovsta
4 years, 11 months ago
I think it's ACE. A) for identify sensitive data, C) Threat Detection requires Auditing (see link), and E) - ATP should meet the monitor access to the sensitive data. (C) - https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview#overview. The issue is when you read about "Vulnerability Assessment", it seems to encapsulate A & E. The key is 'Run' Vulnerability Assessment, instead of 'Enable' or 'Use' <X>. The run VA seems to be a once of to get reports, where as the requirement is constant and live.
upvoted 4 times
...
remz
4 years, 11 months ago
A, D, E https://docs.microsoft.com/en-us/azure/azure-sql/database/data-discovery-and-classification-overview
upvoted 2 times
...
talktorahuljoshi
5 years ago
Vulnerability Assessment is a scanning service built into Azure SQL Database. The service employs a knowledge base of rules that flag security vulnerabilities. It highlights deviations from best practices, such as misconfigurations, excessive permissions, and unprotected sensitive data. https://docs.microsoft.com/en-us/azure/sql-database/sql-vulnerability-assessment
upvoted 3 times
MamadouNiang
5 years ago
The scan report also provides a map of sensitive data discovered in your database. It includes recommendations to classify that data by using data discovery and classification. - It makes sense. Thank you.
upvoted 2 times
...
runningman
4 years, 11 months ago
So ACDE is probably best answer. Does Auditing really need to be enabled?
upvoted 1 times
...
...
NJin
5 years, 2 months ago
"You need to identify sensitive data that is stored in the database and monitor access to the data" this should be A, Discovery and Classification. ADE
upvoted 8 times
...
epgd
5 years, 2 months ago
but Data Discovery & Classification introduces a new tool built into SQL Server Management Studio (SSMS) for discovering, classifying, labeling & reporting the sensitive data in your databases.
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago