ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam DP-200 All Questions

View all questions & answers for the DP-200 exam
Go to Exam

Exam DP-200 topic 4 question 22 discussion

Actual exam question from Microsoft's DP-200
Question #: 22
Topic #: 4
[All DP-200 Questions]

You have an Azure SQL database that has masked columns.
You need to identify when a user attempts to infer data from the masked columns.
What should you use?

  • A. Azure Advanced Threat Protection (ATP)
  • B. custom masking rules
  • C. Transparent Data Encryption (TDE)
  • D. auditing
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Dynamic Data Masking is designed to simplify application development by limiting data exposure in a set of pre-defined queries used by the application. While
Dynamic Data Masking can also be useful to prevent accidental exposure of sensitive data when accessing a production database directly, it is important to note that unprivileged users with ad-hoc query permissions can apply techniques to gain access to the actual data. If there is a need to grant such ad-hoc access,
Auditing should be used to monitor all database activity and mitigate this scenario.
References:
https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking
by visakh at May 8, 2020, 8:17 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
chatw
Highly Voted 5 years ago
While Dynamic Data Masking can also be useful to prevent accidental exposure of sensitive data when accessing a production database directly, it is important to note that unprivileged users with ad-hoc query permissions can apply techniques to gain access to the actual data. If there is a need to grant such ad-hoc access, Auditing should be used to monitor all database activity and mitigate this scenario.
upvoted 15 times
...
visakh
Highly Voted 5 years, 1 month ago
It says "when a user attempts to infer" which is futuristic and not analysis of events that have occured. In that case I think it should be Advance Threat Detection and not Auditing. Auditing only enables us to review the events that have happened before
upvoted 13 times
...
sri
Most Recent 4 years, 4 months ago
Why isn't it A?
upvoted 2 times
...
syu31svc
4 years, 7 months ago
Answer is D
upvoted 3 times
dumpsm42
4 years, 6 months ago
yes. https://docs.microsoft.com/pt-pt/azure/azure-sql/database/auditing-overview
upvoted 1 times
...
...
brcdbrcd
4 years, 7 months ago
https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver15#security-note-bypassing-masking-using-inference-or-brute-force-techniques
upvoted 3 times
...
Andrexx
4 years, 8 months ago
I tend to agree with the answer. In addition to everything written here, the other options don't seem to make sense.
upvoted 2 times
...
kilowd
4 years, 10 months ago
Security Note: Bypassing masking using inference or brute-force techniques Dynamic Data Masking is designed to simplify application development by limiting data exposure in a set of pre-defined queries used by the application. While Dynamic Data Masking can also be useful to prevent accidental exposure of sensitive data when accessing a production database directly, it is important to note that unprivileged users with ad-hoc query permissions can apply techniques to gain access to the actual data. If there is a need to grant such ad-hoc access, Auditing should be used to monitor all database activity and mitigate this scenario.
upvoted 8 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel