ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-203 All Questions

View all questions & answers for the AZ-203 exam
Go to Exam

Exam AZ-203 topic 24 question 23 discussion

Actual exam question from Microsoft's AZ-203
Question #: 23
Topic #: 24
[All AZ-203 Questions]

You need to ensure that the SecurityPin security requirements are met.

  • A. Configure the web application to connect to the database using the WebAppIdentity security principal. Using the Azure Portal, add Data Masking to the SecurityPin column and exclude the WebAppIdentity service principal.
  • B. Using the Azure Portal, add Data Masking to the SecurityPin column, and exclude the dbo user. Add a SQL security policy with a filter predicate based on the user identity.
  • C. Enable Always Encrypted for the SecurityPin column using a certificate based on a trusted certificate authority. Update the Getting Started document with instructions to ensure that the certificate is installed on user machines.
  • D. Enable Always Encrypted for the SecurityPin column using a certificate contained in Azure Key Vault and grant the WebAppIdentity service principal access to the certificate.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Scenario: Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
Incorrect Answers:
A, B: Instead of DataMasing, enable Always Encrypted for the SecurityPin column.
C: Enable Always Encrypted is correct, but only the WebAppIdentity service principal should be given access to the certificate.
Implement Azure security
by bob2Be at Aug. 1, 2020, 3:27 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sinh
4 years, 8 months ago
This is the same problem as No. 83,84,85.
upvoted 2 times
Chilred
4 years, 5 months ago
I think this is helpful, because you should always see the questions in context. So D should be right.
upvoted 1 times
...
...
dennitorf
4 years, 10 months ago
Data masking is used for hide a portion of the data. The requirements is that any person o any resource, with exception in the webapp, can read the data. So, it is always encrypted feature.
upvoted 1 times
...
bob2Be
4 years, 11 months ago
Seems to me that the answer should be A. The requirement is for hiding the data, so Data Masking would be fine.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel