You are the database administrator for your company. Your company has one main office and two branch offices. You plan to create three databases named DB1, DB2, and DB3 that will be hosted on one Azure SQL Database server. You have the following requirements:

• The main office must be able to connect to all three databases.
• The branch offices must be able to connect to DB2 and DB3.
• The branch offices must not be able to access DB1.

You need to configure transparent data encryption (TDE) for DB1. Which two actions should you perform? Each correct answer presents part of the solution.

A. Run CREATE CERTIFICATE certl WITH Subject = TDE Cert1 on DB1.

B. Connect to DB1.

C. Run ALTER DATABASE DB1 SET ENCRYPTION ON;.

D. Connect to the master database.

E. Run CREATE MASTER KEY on the master database.

Explanation:

You should connect to DB1. To encrypt DB1, you connect directly to DB1. When you connect to DB1.

You use your dbmanager or administrative credentials.

You should run ALTER DATABASE DB1 SET ENCRYPTION ON.

You use the ALTER DATABASE

DB1 SET ENCRYPTION ON statement to encrypt the database. This is the statement that turns on TDE for Azure SQL Database.

Incorrect Answers:

A: You should not run CREATE CERTIFICATE certl WITH Subject = TDE Cert on DB1. You do not need to create a certificate to encrypt an Azure SQL database. This would be a part of the solution when you encrypt an on-premises database. You should not connect to the master database. To encrypt DB1, you need to connect directly to DB1. not to the master database.

E: You should not run CREATE MASTER KEY on the master database.

You would execute CREATE MASTER KEY when you have to encrypt an on-premises database.

References: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption