ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam DP-200 All Questions

View all questions & answers for the DP-200 exam
Go to Exam

Exam DP-200 topic 3 question 30 discussion

Actual exam question from Microsoft's DP-200
Question #: 30
Topic #: 3
[All DP-200 Questions]

You have an Azure SQL database that contains a table named Customer. Customer contains the columns shown in the following table.

You apply a masking rule as shown in the following table.

Which users can view the email addresses of the customers?

  • A. Server administrators and all users who are granted the UNMASK permission to the Customer_Email column only.
  • B. All users who are granted the UNMASK permission to the Customer_Email column only.
  • C. Server administrators only.
  • D. Server administrators and all users who are granted the SELECT permission to the Customer_Email column only.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Grant the UNMASK permission to a user to enable them to retrieve unmasked data from the columns for which masking is defined.
Reference:
https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking
by dataeng1102 at April 7, 2021, 1:22 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MsIrene
Highly Voted 4 years, 1 month ago
As for me, the answer is C Server administrators only, because in this particular case Users excluded = None, so no one was granted the UNMASK permission.
upvoted 21 times
yassine70
3 years, 8 months ago
Agree with @MsIrene. "SQL users excluded from masking - A set of SQL users or Azure AD identities that get unmasked data in the SQL query results. Users with administrator privileges are always excluded from masking, and see the original data without any mask." https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview
upvoted 1 times
...
...
dataeng1102
Highly Voted 4 years, 2 months ago
This is incorrect. Both server admins and users with unmasked permissions can see unmasked data.
upvoted 17 times
Devendra00023
4 years, 2 months ago
Yeah, refer - https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-configure-portal
upvoted 2 times
DMQA
4 years, 1 month ago
A seems to be the correct answer.. Refer to Dynamic data masking policy > SQL users excluded from masking of the page below, which mentions "Users with administrator privileges are always excluded from masking, and see the original data without any mask." . Hands-on would clear any further confusion. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview
upvoted 2 times
...
...
111222333
4 years ago
Correct, answer is A. Users with administrator privileges always have access to the original unmasked data. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-configure-portal
upvoted 4 times
...
...
Hinzzz
Most Recent 3 years, 11 months ago
B is the correct answer. The keyword is Server Administrator not the DB administrators.
upvoted 1 times
...
VishalTile
3 years, 12 months ago
Users with administrator privileges always have access to the original unmasked data. So answer is A.
upvoted 1 times
bs_2021
3 years, 11 months ago
You are right but that applies to database admins not server admins . Hence, B should be the right answer
upvoted 1 times
...
...
lapomidoro
4 years ago
Unmask cannot be specified for a particular column. It's granted for a user. So C is the correct answer
upvoted 2 times
psal2020
3 years, 11 months ago
Agree-"However this permission is globally applied at the database level, meaning that if a user has this permission, they have the ability to read the actual data in any column for which they have SELECT permission"
upvoted 1 times
...
...
Amy007
4 years ago
Correct Answer is A. Type the SQL users or Azure Active Directory (Azure AD) identities that should be excluded from masking, and have access to the unmasked sensitive data. This should be a semicolon-separated list of users. Users with administrator privileges always have access to the original unmasked data.
upvoted 3 times
...
cadio30
4 years, 1 month ago
For this scenario, the answer is C since by default Server Administrator is excluded from masking and there are no indicated users in the "users excluded" which in case if there is then the values are visible to those people.
upvoted 1 times
cadio30
4 years ago
come to think of it, one can execute a grant permission using T-SQL to "unmask" the user. therefore the answer should be option A.
upvoted 1 times
cadio30
4 years ago
correct answer is C When grant unmask it allows to expose all of the mask columns from a table. Given the option A, it states at the end that it will only unmask the "email" column only.
upvoted 3 times
...
...
...
NamishBansal
4 years, 1 month ago
The article has no mention of Server Administrators being able to see masked data, so I guess given answer is correct.
upvoted 1 times
...
Mily94
4 years, 1 month ago
correct answer: A Server admins always have access to masked data + users with unmasked permissions
upvoted 1 times
...
samkslee
4 years, 1 month ago
SQL users excluded from masking - A set of SQL users or Azure AD identities that get unmasked data in the SQL query results. Users with administrator privileges are always excluded from masking, and see the original data without any mask. https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview#dynamic-data-masking-policy
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel