Exam DP-203 topic 3 question 4 discussion

C is the right answer. Check the discussion here: https://www.examtopics.com/discussions/microsoft/view/18788-exam-dp-201-topic-3-question-12-discussion/

Data masking does not protect against inferrring with the data

Column-level security allows you to restrict access to specific columns in a table based on user permissions. This means that salespeople would only be able to see the columns that they need to see, such as the customer's name, address, and email address. They would not be able to see the credit card information, which would be encrypted and hidden from them. Always Encrypted is a good option for protecting sensitive data that needs to be accessed by multiple users. However, it is not as suitable for this scenario because it encrypts the entire table, including the columns that salespeople need to see. This would make it difficult for salespeople to do their jobs. Here is a summary of why column-level security is the better choice in this case: Column-level security is more granular and allows you to control access to specific columns. Column-level security does not impact the performance of queries as much as Always Encrypted. Column-level security is easier to implement and manage.

Data masking does not protect against inferrring with the data

Infer data means: SELECT ID, Name, Salary FROM Employees WHERE Salary > 99999 and Salary < 100001; +------------+---------------------+--------+ |Id |Name |Salary| +------------+---------------------+--------+ |62543 |Jane Doe |0 | |91245 |John Smith |0 | +------------+--------------------+----------+

Only with DDM, you can guess with trying some queries

C is the answer As an example, consider a database principal that has sufficient privileges to run ad-hoc queries on the database, and tries to 'guess' the underlying data and ultimately infer the actual values. Assume that we have a mask defined on the [Employee].[Salary] column, and this user connects directly to the database and starts guessing values, eventually inferring the [Salary] value of a set of Employees: https://learn.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver16#security-note-bypassing-masking-using-inference-or-brute-force-techniques

Column level security is the correct answer !!

correct

There is nothing that says that you must use the credit card masking rule, you can use another one. This way, the sales persons has access to all entries but cannot infer the credit card. The answer is A

Column-level security prevent get "credit card" column, you not be able to infer the credit card information contrary to "masking".

There are 2 parts to it: 1. provide salespeople with the ability to <b>view all the entries</b> in Customers. 2. should not be able to infer. DDM is the only solution if you have to comply with both requirements

C is correct. The requirement is to put restriction on viewing or inferring. In other words, don't allow to access the column. My previous choice A was wrong.

You get 'The SELECT permission was denied on the colum...' error if you use column level security. You need to allow to query the column with protection which is acheived using data masking. So A is correct

to provide salespeople with the ability to view all the entries in Customers. (Column level security prevents that) The solution must prevent all the salespeople from viewing or inferring the credit card information. (Data masking helps infer information even when you can view the column)

Data Masking is the correct Answer, it is not necessarily he need to use credit card masking. we can even use Default or Random and avoid users from inferring the data. Hence A is the Right Answer.

Selected Answer: C