Seems correct, as randomized encryption would not allow for grouping/joining of data
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15#selecting--deterministic-or-randomized-encryption
It is correct. and speedminer is got the right link:
"Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns. However, it may also allow unauthorized users to guess information about encrypted values by examining patterns in the encrypted column, especially if there's a small set of possible encrypted values, such as True/False, or North/South/East/West region. Deterministic encryption must use a column collation with a binary2 sort order for character columns.
Randomized encryption uses a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents searching, grouping, indexing, and joining on encrypted columns."
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15#selecting--deterministic-or-randomized-encryption
Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns.
A is the answer
Correct Answer A
"Use deterministic encryption for columns that will be used as search or grouping parameters. For example, a government ID number. Use randomized encryption for data such as confidential investigation comments, which aren't grouped with other records and aren't used to join tables. "
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15
Correct
Requirement:
"Payment processing system must be able to use grouping and joining tables on encrypted columns."
Deterministic Encryption:
I think that the deterministic encryption type is somewhat similar to the way hashing algorithms work. This method always generates the same encrypted value for any given plaintext value.
This means if we would encrypt a boolean column holding only true values the encrypted payload would be the same for each of the values.
This method allows grouping, filtering by equality and joining tables based on encrypted values, but could also allow a malicious user to guess information by examining patterns and then deduce the plain-text value.
https://www.azureblue.io/always-encrypted-deterministic-vs-randomized/
from:
"Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store."
and the ask to minimize the changes to the middle tier & backend tier , would trend to TDE with BYOC : https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview
TDE would not meet the requirement "encrypt data in transit and at rest." With TDE, server decrypts the data on reading it from the database. https://azure.microsoft.com/en-us/blog/transparent-data-encryption-or-always-encrypted/
This section is not available anymore. Please use the main Exam Page.AZ-304 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
speedminer
Highly Voted 4 years, 9 months agohoangton
3 years, 10 months agoYellowSky002
Highly Voted 4 years, 3 months agoAD3
Most Recent 3 years, 3 months agous3r
3 years, 4 months agosyu31svc
3 years, 8 months agonkv
3 years, 8 months agomojsamspam
3 years, 11 months agomactone
4 years agoStephan99
4 years, 3 months agoBlaaa
4 years, 4 months agowgre
4 years, 5 months agoolivier_s
4 years, 5 months agopentium75
3 years, 9 months agoSHABS78
4 years, 7 months ago