ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam DP-201 All Questions

View all questions & answers for the DP-201 exam
Go to Exam

Exam DP-201 topic 14 question 1 discussion

Actual exam question from Microsoft's DP-201
Question #: 1
Topic #: 14
[All DP-201 Questions]

DRAG DROP -
You need to design the encryption strategy for the tagging data and customer data.
What should you recommend? To answer, drag the appropriate setting to the correct drop targets. Each source may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
All cloud data must be encrypted at rest and in transit.
Box 1: Transparent data encryption
Encryption of the database file is performed at the page level. The pages in an encrypted database are encrypted before they are written to disk and decrypted when read into memory.

Box 2: Encryption at rest -
Encryption at Rest is the encoding (encryption) of data when it is persisted.
Reference:
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-2017 https://docs.microsoft.com/en-us/azure/security/azure-security-encryption-atrest
Design for data security and compliance
by Nehuuu at March 16, 2020, 7:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Nehuuu
Highly Voted 5 years, 2 months ago
Tagging data - Cosmos DB - encryption at resr Customer data - SQL DWH - TDE / SSL (SSL enabled by default)
upvoted 86 times
obj95
4 years, 12 months ago
I agree with the data storage choices but not with the encryption methods because in the Security requirements: All cloud data must be encrypted at rest and in transit. -> Tagging data requires TDE and (*processed*) Customer data requires Encryption at rest: So the answer is correct! We only need Encryption at rest because the solution component=processed customer data and not all customer data,otherwhise I'd choose TDE
upvoted 2 times
...
JCWF
4 years, 6 months ago
Cane explain why tagging data - Cosmos DB requires encryption at rest?
upvoted 1 times
toandm
4 years ago
cosmos db does not have TDE, so encryption at rest
upvoted 3 times
...
...
vrmei
3 years, 11 months ago
CosmosDB (Here, document db) - Does not support TDE
upvoted 2 times
vrmei
3 years, 11 months ago
as per requirement, "The tags must be stored in a document database"
upvoted 1 times
...
...
AngelRio
4 years ago
I am agree with you totally, thanks!!
upvoted 3 times
...
...
krisspark
Highly Voted 4 years, 10 months ago
I was impressed by Dp-200 model questions and quality but the answers for DP-201 questions by examtopics is not even average.. most of the answers are creating confusion when checked the discussions and sometimes the discussions are really useful like below.. one with real subject only can crack these questions..
upvoted 36 times
Gch
4 years, 9 months ago
I totally agree with krisspark
upvoted 1 times
...
...
Steviyke
Most Recent 3 years, 11 months ago
I believe this questions and answers are too old and almost irrelevant. The current Microsoft Docs says " With the release of encryption at rest for Cosmos DB, all your databases, media attachments, and backups are encrypted. Your data is now encrypted in transit (over the network) and at rest (nonvolatile storage), giving you end-to-end encryption." Meaning you don't need to do anything to encrypt data at rest and in transit for Cosmos DB.
upvoted 1 times
...
Mandar77
3 years, 12 months ago
Answer is right. Combo DB gas TDE enabled by default. On synapse, we have to explicitly enable encryption at rest. It is not enable by default.
upvoted 1 times
...
sturcu
4 years, 3 months ago
in essence TDE is Encryption at rest. SQL has this option by default (https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?tabs=azure-portal). In cosmos Al data is by default encrypted at rest ( but I do not think this is referred to as TDE: https://docs.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest) So The answers should be Reversed: Cosmos : Encrypt at rest; Sql: TDE
upvoted 1 times
...
D_Duke
4 years, 5 months ago
There seems to be some issues with the answers. Firstly, all user data stored in Azure Cosmos DB is encrypted at rest and in transport by default as per the link https://docs.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest, so I believe we really don't need to do anything, and if we have to select an answer, it should be Encryption at rest. Secondly, for Azure SQL DB or managed instance, TDE is enabled by default to encrypt data at rest, so we need TLS to encrypt data in transit, but TLS is not in the selection list.
upvoted 3 times
...
syu31svc
4 years, 6 months ago
Reverse/flip the options and it is correct
upvoted 2 times
...
sandGrain
4 years, 7 months ago
TDE is enabled by Default for CosmosDB and SQL DB. So both should be TDE. When you can get TDE by default why use Encryption at Rest?
upvoted 4 times
...
MLCL
4 years, 11 months ago
Nehuu is right: Encryption at rest for Taggin data (Cosmos DB) TDE for customer information (SQL)
upvoted 5 times
...
Abhilvs
4 years, 11 months ago
yes, it should be otherwise here. It's mentioned that tagging data should reside in document DB i.e. Cosmos DB, in that case, that is Encryption at rest. Customer data in parallel processing architecture i.e synapse, which is TDE
upvoted 3 times
...
adamho
5 years ago
I also agreed with Nehuuu
upvoted 7 times
...
samok
5 years, 2 months ago
Agree with Nehuuu
upvoted 16 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel