Exam SC-100 topic 4 question 30 discussion

Actual exam question from Microsoft's SC-100
Question #: 30
Topic #: 4

HOTSPOT

You have an Azure SQL database named DB1 that contains customer information.

A team of database administrators has full access to DB1.

To address customer inquiries, operators in the customer service department use a custom web app named App1 to view the customer information.

You need to design a security strategy for DB1. The solution must meet the following requirements:

• When the database administrators access DB1 by using SQL management tools, they must be prevented from viewing the content of the CreditCard attribute of each customer record.
• When the operators view customer records in App1, they must view only the last four digits of the CreditCard attribute.

What should you include in the design? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

kanag1
Highly Voted 1 year, 8 months ago
For the database administrators: Always Encrypted
For the operators: Dynamic Data Masking

Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national/regional identification numbers. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine.
https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver16

Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal effect on the application layer.
https://learn.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview?view=azuresql
upvoted 14 times
ServerBrain
1 year, 8 months ago
But then when you do Always encrypted the admins are as good as not having full access. Block 1 should be Row-level security as it's just the CreditCard row they should not see
upvoted 2 times
ServerBrain
1 year, 8 months ago
Looks like I'm wrong...
upvoted 3 times
Ali96
Most Recent 2 months ago
For the database administrators: Always Encrypted For the operators: Dynamic data masking
upvoted 1 times
Socgen1
9 months, 2 weeks ago
A. Always Encrypted B. Dynamic data masking in exam - 14/07/2024
upvoted 4 times
emartiy
10 months ago
Since it says: "When the database administrators access DB1 by using SQL management tools, they must be prevented from viewing the content of the CreditCard attribute of each customer record" - for administrators, row-level security fulfills this requirement.
https://learn.microsoft.com/en-us/sql/relational-databases/security/row-level-security?view=sql-server-ver16
For the operators: Dynamic data masking fulfills the requirements.
upvoted 1 times
billo79152718
1 year, 2 months ago
Correct is: 1: Always encrypted 2: Dynamic data masking
upvoted 2 times
Cleggs
1 year, 3 months ago
I believe both are Dynamic Data Masking.
Reason:
RLS blocks the entire customer row.
Always Encrypt has no basis on this question since we need to block only certain blocks of data (CC) from the DBAs.
TDE the same.
There was never a statement about handling the CCs during processing or transmission. Just viewing the data via the SQL management apps or App1. The only item there that can do both is Dynamic Data Masking.
upvoted 1 times
Cleggs
1 year, 3 months ago
Correction: I was doing some more reading and I believe, since admins can get past Dynamic Data Masking, that the given answer is the correct one: Always Encrypt and Data Masking.
upvoted 2 times
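
The masking behaviour debated in this thread, as an added T-SQL example that is not part of any comment and not Microsoft's code: an operator with only SELECT sees the last four digits, while a db_owner reads the stored value in full. `dbo.CustomerDemo`, `OperatorDemo` and the sample row are constructed names and values; run it in a scratch database as a member of db_owner.

```sql
-- Constructed demo objects (assumptions, not from the exam question).
CREATE TABLE dbo.CustomerDemo (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    -- Mask everything except the last four characters.
    CreditCard VARCHAR(19)
        MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL
);

INSERT INTO dbo.CustomerDemo (FullName, CreditCard)
VALUES (N'Constructed Customer', '4111-1111-1111-1111');  -- constructed test value

-- Hypothetical low-privilege principal standing in for App1's operators.
CREATE USER OperatorDemo WITHOUT LOGIN;
GRANT SELECT ON dbo.CustomerDemo TO OperatorDemo;

-- Operator context: SELECT permission only, so the mask is applied.
EXECUTE AS USER = 'OperatorDemo';
SELECT CustomerId, FullName, CreditCard FROM dbo.CustomerDemo;
REVERT;

-- Administrator context: db_owner holds CONTROL, which implies UNMASK,
-- so the same query returns the stored value unmasked.
SELECT CustomerId, FullName, CreditCard FROM dbo.CustomerDemo;

-- Audit: which columns carry a mask.
SELECT OBJECT_NAME(object_id) AS table_name,
       name                   AS column_name,
       masking_function
FROM sys.masked_columns;

-- Audit: explicit UNMASK grants (db_owner members are not listed here,
-- because their UNMASK is implied by CONTROL rather than granted).
SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'UNMASK';

-- Clean up the demo objects.
DROP USER OperatorDemo;
DROP TABLE dbo.CustomerDemo;
```
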
Murtuza
1 year, 3 months ago
Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national/regional identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database, Azure SQL Managed Instance, and SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine. This provides a separation between those who own the data and can view it, and those who manage the data but should have no access - on-premises database administrators, cloud database operators, or other high-privileged unauthorized users.
upvoted 2 times
Murtuza
1 year, 3 months ago
What should you use to ensure credit card numbers in an Azure SQL database are protected while data is being processed? Final answer: To protect credit card numbers in an Azure SQL database while processing, you should use Transparent Data Encryption (TDE) and Always Encrypted.
upvoted 1 times
karincauk
1 year, 3 months ago
1- Always encrypt, 2- "Low level" should be correct, because db operator can see last 4 digits.
upvoted 1 times
Ramye
1 year, 3 months ago
No, those operators are non-privileged (not any admin type) users, so they will see only what is not masked - the last 4 digits.
upvoted 1 times
ttttt23212121
1 year, 6 months ago
Row Level Security For 1 Dynamic Data Masking for 2
upvoted 3 times
Victory007
1 year, 8 months ago
1. Dynamic Masking. 2. Always Encrypted. To meet the requirements, you should include Dynamic Data Masking for the operators and Always Encrypted for the database administrators in your design. Dynamic Data Masking (DDM) is a feature that limits sensitive data exposure by masking it to non-privileged users. It can be used to greatly simplify the design and coding of security in your application.
upvoted 1 times