Exam 70-765 topic 3 question 92 discussion

HOTSPOT -
You plan to deploy two new Microsoft Azure SQL Database instances. Once instance will support a data entry application. The other instance will support the companys business intelligence efforts. The databases will be accessed by mobile applications from public IP addresses.
You need to ensure that the database instances meet the following requirements:
✑ The database administration team must receive alerts for any suspicious activity in the data entry database, including potential SQL injection attacks.
✑ Executives around the world must have access to the business intelligence application.
✑ Sensitive data must never be transmitted. Sensitive data must not be stored in plain text in the database.
In the table below, identify the feature that you must implement for each database.
NOTE: Make only one selection in each column. Each correct selection is work one point.
Hot Area:

Suggested Answer:
Data entry: Threat Detection -
SQL Threat Detection provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities. Users receive an alert upon suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access patterns.
Business intelligence: Dynamic Data Masking
Dynamic data masking limits (DDM) sensitive data exposure by masking it to non-privileged users. It can be used to greatly simplify the design and coding of security in your application.
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking