You manage a Microsoft SQL Server environment in a Microsoft Azure virtual machine.

You must enable Always Encrypted for columns in a database.

You need to configure the key store provider.

What should you do?

A. Use the Randomized encryption type

B. Modify the connection string for applications.

C. Auto-generate a column master key.

D. Use the Azure Key Vault.

Explanation:

There are two high-level categories of key stores to consider – Local Key Stores, and Centralized Key Stores.

• Centralized Key Stores – serve applications on multiple computers. An example of a centralized key store is Azure Key Vault.
• Local Key Stores

References: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/create-and-store-column-master-keys-always-encrypted