ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 3 question 10 discussion

Actual exam question from Microsoft's SC-100
Question #: 10
Topic #: 3
[All SC-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing the encryption standards for data at rest for an Azure resource.
You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.
Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses Microsoft-managed keys.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by zts at Sept. 8, 2022, 8:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
zts
Highly Voted 2 years, 3 months ago
Selected Answer: B
To provide Azure SQL customers with two layers of encryption of data at rest, infrastructure encryption (using AES-256 encryption algorithm) with platform managed keys is being rolled out. This provides an addition layer of encryption at rest along with TDE with customer-managed keys, which is already available. ---- Derived from the link below: https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql&viewFallbackFrom=sql-server-ver16
upvoted 5 times
...
masby661
Most Recent 8 months, 3 weeks ago
Selected Answer: A
You can rotate (or just Microsoft do their thing) with MMK. Remember with these type of questions 1 or more of the scenario's may be correct
upvoted 1 times
...
Murtuza
11 months, 1 week ago
The frequency of key rotation for Platform Managed Keys (PMKs) in Azure depends on the specific service or feature you are using. Azure manages the key rotation process for you, but the actual rotation interval may vary.
upvoted 1 times
...
Ario
1 year, 5 months ago
Selected Answer: A
By adopting TDE with Microsoft-managed keys, you can easily implement and maintain data encryption at rest for your Azure SQL databases, while also meeting the goal of supporting monthly key rotation and using AES-256 keys for encryption.
upvoted 1 times
...
zellck
1 year, 6 months ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql Azure SQL transparent data encryption (TDE) with customer-managed key (CMK) enables Bring Your Own Key (BYOK) scenario for data protection at rest, and allows organizations to implement separation of duties in the management of keys and data. With customer-managed TDE, the customer is responsible for and in a full control of a key lifecycle management (key creation, upload, rotation, deletion), key usage permissions, and auditing of operations on keys.
upvoted 3 times
...
Gurulee
1 year, 9 months ago
Selected Answer: B
Customer managed key
upvoted 3 times
...
Philthetill
2 years, 2 months ago
correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel