Exam DP-201 All Questions

View all questions & answers for the DP-201 exam

Exam DP-201 topic 3 question 20 discussion

Actual exam question from Microsoft's DP-201

Question #: 20
Topic #: 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure SQL database that has columns. The columns contain sensitive Personally Identifiable Information (PII) data.
You need to design a solution that tracks and stores all the queries executed against the PII data. You must be able to review the data in Azure Monitor, and the data must be available for at least 45 days.
Solution: You add classifications to the columns that contain sensitive data. You turn on Auditing and set the audit log destination to use Azure Blob storage.
Does this meet the goal?

A. Yes
B. No

Show Suggested Answer

Suggested Answer: A 🗳️
Auditing has been enhanced to log sensitivity classifications or labels of the actual data that were returned by the query. This would enable you to gain insights on who is accessing sensitive data.
Note: You now have multiple options for configuring where audit logs will be written. You can write logs to an Azure storage account, to a Log Analytics workspace for consumption by Azure Monitor logs, or to event hub for consumption using event hub. You can configure any combination of these options, and audit logs will be written to each.
Reference:
https://azure.microsoft.com/en-us/blog/announcing-public-preview-of-data-discovery-classification-for-microsoft-azure-sql-data-warehouse/

by epgd at March 9, 2020, 4:25 p.m.

Comments

Submit Cancel

al9887655

Highly Voted 4 years, 2 months ago

Sending logs to blob meets 45 days storage requirement. But how about, "You must be able to review the data in Azure Monitor"? I think it should be NO.

upvoted 7 times

jms309

4 years, 2 months ago

In the Azure Log Analytics, which is part of the Azure Monitor Tool, you can add these logs added manually. Just go to the advanced options and configure the connection

upvoted 1 times

...

tes

Most Recent 3 years, 11 months ago

90 days in log analytics. So Log Aalaytics works(bure previous answer was no to this question which is silly). Now about blob storage we can easily connect to Azure Monitor/log analytics and then it will be available in Monitor(to meet the question). But then where is that extra step of connecting to log analytics? Also if you plan to connect to log analytics, why use storage account? The only extra benefit of doing this (Storage + log analytics) is that auditing information(the user) is only mentioned in the storage logs and is masked in log analytics. But such a scenario is not asked in this question. So the answer to this question is a big NO. Log Anlaytics is the correct answer. Dont even think about replying to this text

upvoted 1 times

tes

3 years, 11 months ago

https://stackoverflow.com/questions/66302107/unable-to-get-the-user-id-identity-details-from-log-analytics-workspace-captured Well, I might be wrong: "Log analytics does not capture any PII" but then the storage to log analytics connection is missing in the question

upvoted 1 times

tes

3 years, 11 months ago

now if log analytics really masks the PII then how will it work when storage account is connected to Log Analytics for monitor? So the stackoverflow answer is wrong and my answer aboe is correct or the answer to this question is "NO"still

upvoted 1 times

...

syu31svc

4 years, 5 months ago

https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview Answer is yes

upvoted 2 times

H_S

4 years, 2 months ago

Bro same article the answer IS NO, you can see auditing information is monitor if they are stored in blob storage

upvoted 2 times

...

kompressor

4 years, 10 months ago

on the page 20 in this dump the same question is answed no and here yes ! just wondering if you urself are not sure of ur answer

upvoted 1 times

VijayTeja

4 years, 10 months ago

Over there log analytics is used instead of blob.

upvoted 8 times

...

ZodiaC

3 years, 11 months ago

Nothing on page 20

upvoted 1 times

...

epgd

5 years, 2 months ago

But if you need to use Azure Monitor you should audit to Log Analytics destination. https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing

upvoted 3 times

Nehuuu

5 years, 2 months ago

Here the storage is needed for 45 days, Log analytics can store default logs till 31 days. Blob would be a convenient storage medium if longer retention is needed from default.

upvoted 17 times

Tombarc

5 years, 1 month ago

With free tier is up to 31 days, but you can store it up 730 days for an increased charge, also if you're using Sentinel it's stored for 90 days for free. https://www.shudnow.io/2019/10/14/increasing-azure-log-analytics-retention-per-data-type/ https://blogs.msdn.microsoft.com/canberrapfe/2017/01/25/change-oms-log-analytics-retention-period-in-the-azure-portal/ I believe the answer is Log Analytics, with storage account you wouldn't be able to set up alerts and monitor it from the Azure Monitor service.

upvoted 7 times

Leonido

5 years ago

But the solution will work

upvoted 1 times

Mathster

5 years ago

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

upvoted 2 times

AJMorgan591

4 years, 8 months ago

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

upvoted 2 times

...

Load full discussion...

...