Note: This questions is part of a series of questions that use the same or similar answer choices. An
answer choice may be correct for more than one question in the series. Each question is independent
of the other questions in this series. Information and details provided in a question apply only to that
question.
Your company has several Microsoft Azure SQL Database instances.
Data encryption should be allowed to be implemented by the client applications that access the data. Encryption
keys should not be made available to the database engine.
You need to configure the database.
What should you implement?
A.
transport-level encryption
B.
cell-level encryption
C.
Transparent Data Encryption
D.
Always Encrypted
E.
Encrypting File System
F.
BitLocker
G.
dynamic data masking
Explanation:
Using encryption during transit with Azure File Shares
Azure File Storage supports HTTPS when using the REST API, but is more commonly used as an SMB file
share attached to a VM.
HTTPS is a transport-level security protocol.
Incorrect Answers:
C: TDE encrypts the storage of an entire database by using a symmetric key called the database encryption
key. In SQL Database the database encryption key is protected by a built-in server certificate.
https://docs.microsoft.com/en-us/azure/storage/storage-security-guide#encryption-in-transit
D. Always Encrypted
“Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine ( SQL Database or SQL Server).”
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine
5
0
Thanks….you’re right….answer is D
2
0
answer is d:
in addition i found that
https://docs.microsoft.com/en-gb/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-2017
Client On-Premises with Data in Azure
A customer has an on-premises client application at their business location. The application operates on sensitive data stored in a database hosted in Azure ( SQL Database or SQL Server running in a virtual machine on Microsoft Azure). The customer uses Always Encrypted and stores Always Encrypted keys in a trusted key store hosted on-premises, to ensure Microsoft cloud administrators have no access to sensitive data.
1
0