ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-764 All Questions

View all questions & answers for the 70-764 exam
Go to Exam

Exam 70-764 topic 1 question 13 discussion

Actual exam question from Microsoft's 70-764
Question #: 13
Topic #: 1
[All 70-764 Questions]

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You are the database administrator for a company that hosts Microsoft SQL Server. You manage both on-premises and Microsoft Azure SQL Database environments.
You plan to delegate encryption operations to a user.
You need to grant the user permission to implement cell-level encryption while following the principle of least privilege.
Which permission should you grant?

  • A. DDLAdmin
  • B. db_datawriter
  • C. dbcreator
  • D. dbo
  • E. View Database State
  • F. View ServerState
  • G. View Definition
  • H. sysadmin
Show Suggested Answer Hide Answer
Suggested Answer: G 🗳️
The following permissions are necessary to perform column-level encryption, or cell-level encryption.
CONTROL permission on the database.

✑ CREATE CERTIFICATE permission on the database. Only Windows logins, SQL Server logins, and application roles can own certificates. Groups and roles cannot own certificates.
✑ ALTER permission on the table.
✑ Some permission on the key and must not have been denied VIEW DEFINITION permission.
References: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-of-data
by MelKr at May 25, 2020, 6:03 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Chandra111
4 years, 4 months ago
View Definition.
upvoted 1 times
...
jolsca
4 years, 9 months ago
correct G https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-of-data?view=sql-server-ver15
upvoted 1 times
...
MelKr
5 years, 1 month ago
D is correct: dbo. As stated in the answer "CONTROL Database" permission is needed. According to https://docs.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine?view=sql-server-2016, "CONTROL Confers ownership-like capabilities on the grantee. ". Hence, dbo is the correct permission which implies the others required.
upvoted 1 times
KC
4 years, 10 months ago
I believe DBO is a role, not necessarily a permission.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel