ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-203 All Questions

View all questions & answers for the AZ-203 exam
Go to Exam

Exam AZ-203 topic 8 question 1 discussion

Actual exam question from Microsoft's AZ-203
Question #: 1
Topic #: 8
[All AZ-203 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this question, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that the SecurityPin security requirements are met.
Solution: Enable Always Encrypted for the SecurityPin column using a certificate based on a trusted certificate authority. Update the Getting Started document with instructions to ensure that the certificate is installed on user machines.
Does the solution meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Enable Always Encrypted is correct, but only the WebAppIdentity service principal should be given access to the certificate.
Scenario: Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
by AnkitN at Aug. 30, 2020, 2:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Namco04
4 years, 5 months ago
given answer is correct
upvoted 2 times
...
gunencali
4 years, 6 months ago
Answer : B Explanation: Scenario: Users SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins. All certificates and secrets used to secure data must be stored in Azure Key Vault.
upvoted 4 times
...
AnkitN
4 years, 10 months ago
Correct Answer – A Yes, you can use certificates from a valid certificate authority for enabling Always on Encryption. An example is also given in the Microsoft documentation. For more information on Always Encrypted using a certificate store, one can go to the below link: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted
upvoted 3 times
ahadjithoma
4 years, 6 months ago
Scenario: Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins. Solution: Update the Getting Started document with instructions to ensure that the certificate is installed on user machines. I guess users should not have the certificate otherwise they will be able to view the security pins.. So answer should be NO
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel