Suggested Answer:C🗳️
Must ensure that sensitive health data is encrypted at rest and in transit. Always Encrypted is a feature designed to protect sensitive data stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the database engine (SQL Database or SQL Server). Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest https://docs.microsoft.com/en-us/azure/security/fundamentals/database-security-overview
Answer is C - Always Encrypted.
In Microsoft article it is not indicated that TLS enforces TDE, and its clearly stated that TLS protects data in transit only. Source: https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview
"Always Encrypted protects the data, stored in encrypted columns, at rest and in transit. However, unless your goal is to protect sensitive data in use, TDE is the recommended choice for encryption at rest, and we recommend TLS for protecting data in-transit. In fact, it is often advised to use Always Encrypted, TDE, and TLS together"
TDE as the first line of defense (and to meet common compliance requirements) to encrypt the entire database at rest.
TLS to protect all traffic to the database.
Always Encrypted to protect highly sensitive data from high-privilege users and malware in the database environment.
Source: https://azure.microsoft.com/pl-pl/blog/transparent-data-encryption-or-always-encrypted/
Always encrypted is used only for specific columns and it relates to situation when data should never be exposed to database users, even highly privliged DBAs. If you want encryption at rest use TDE, TLS is always enforced, eventually db is always encrypted.
Stop confusing this with always encrypted, it's completely different feature
"Ensure that sensitive health data is encrypted at rest and in transit."
By the other clues its sure that the Database is a Azure SQL DB.
Now all the Azure SQL DB have got the default setting of TDE which is used for "Encryption at rest".
So here TDE is by default and for Encryption at transit we need to use TLS.
As a result I guess B should be the answer which is TLS.
Can anyone help me to validate my understanding reg this answer.
C correct: Communication between a client application and an Azure Storage account is encrypted using Transport Layer Security (TLS). Here the case is about Azure SQL DB.
TDE is a given feature and Always encrypted is needed as extra.
https://docs.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version?tabs=portal
Always encrypted revokes the access to the sensitive data from database admins/operators - only the application using a private key has the capability to access the data. So data is encrypted on the database level while in TDE the data is encrypted on the storage level. In this question, it seems like the AE is required since the health data is highly sensitive!
Req: "Ensure that sensitive health data is encrypted at rest and in transit."
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.DP-201 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
chaoxes
Highly Voted 4 years, 4 months agosyu31svc
Most Recent 4 years, 5 months agoIsio05
4 years, 5 months agormk4ever
4 years, 7 months agoSudipta3009
4 years, 9 months agoRamsarda1423
4 years, 9 months agoTreadmill
4 years, 9 months agoM0e
4 years, 6 months agoAbhilvs
4 years, 10 months agoabeworld
5 years agoYuri1101
5 years agoIsrael2
4 years, 10 months ago