Exam DP-203 topic 3 question 9 discussion

The Answer should be No, No, No. Analysts have access to in-region sensitive data, so the first one should be No. Engineers have access to all numeric sensitive data, Height is patient’s height in CM, so the second and third one should also No.

the solution is correct: Yes, no, yes. Just because somebody has access, doesnt mean that they dont need any dynamic masking. It just means that they have access and a policy is required. If they had no access, then obviously no data masking is required. Statement 1: Analysts in Region A have access to (all) the following sensitive data in region A: CardOnFile, Heigth and ContactEmail. Since financial (CardOnFike) and PII (ContactEmail) are considered sensitive data you need dynamic data masking: so Yes. Statement 2 & 3: Engineers have access to all numeric sensitive data (which means in every region). So they have access to height. Height is medical and therefore only sensitive in Region B according to the second table, but not in Region A. So Statement 2 is “No” and Statement 3 is “Yes”

the answer is : No, No,NO

This is the worst question I have come across.

I found this question on my exam 30/04/2024, and I put Yes/no/Yes. I passed the exam with a high score, but I'm not sure if the answer is correct.

What the hell? It's a very confusing question!

The question is poorly written. The problem is that you define dynamic data masking directly on the column and its enabled for every one (except admins, db_owner and etc...) Then you GRANT UNMASK permission for those that needed access to the original content. If you look that way (who needs grant unmask) the provided answers are correctly. If you think of enable or not enable masking its No, No and No. (but for me doesn´t make sense)

in oder, y,n,y

First: NO, because there a no medical data in the region A. Second and Third, NO, because data engineers can see numeric data in all regions (heigth is number).

Answer should be NO, NO, NO. Analyst have access to in-region sensitive data, Engineers have access to all numeric sensitive data.

Q1: Yes, these users need to see past any default masking. Analysts have access to in-region sensitive data. So, since they're in RegionA looking at RegionA data, the default masking should be dynamically removed for them. Q2: No, these users should see data with default masking. You have to assume that Enhanced Access only apply to users when they are in their own region. Since the Engineers are outside of the region, they are treated as regular users, with default masking. Perhaps there's some documentation in Azure that says you can't enhance access for users outside of a given region, but I'm not aware of any. Personally, I feel the wording of the Enhanced Access makes me assume it's "region agnostic". However, the given answer (of No) seems to imply otherwise. Q3: Yes, these users need to see past SOME default masking. There's a lot to consider, but I assume because the Engineers need to see numeric data, and both Financial and Medical data is numeric, they need to SOME data unmasked.

Answer: Yes, No, Yes. This is a poorly worded question, in my opinion. I eventually came to accept the given answer of Yes, No, Yes. However, my gut would have had me say No (no masking), Yes (mask e-mail), Yes (mask e-mail). I initially assumed that "Yes" meant the user should have the data masked/treated for them. Based on the given answers (of Yes, No, Yes) it seems like it's the opposite

Answer: Yes, No, Yes. This is a poorly worded question, in my opinion. I eventually came to accept the given answer of Yes, No, Yes. However, my gut would have had me say No (no masking), Yes (mask e-mail), Yes (mask e-mail).

after reading discussion very confused. What could be the answer.

Analysts in RegionA require dynamic data masking rules for [Patients RegionA]. Yes. Since analysts in RegionA have access to in-region sensitive data, which includes PII, dynamic data masking rules should be implemented for the [Patients RegionA] table to mask the [ContactEmail] column which contains PII. Engineers in RegionC require a dynamic data masking rule for [Patients RegionA], [Height]. No. Engineers in RegionC have access to all numeric sensitive data, but [Height] is not considered sensitive data in RegionC, only in RegionB. Therefore, there is no need to implement a dynamic data masking rule for [Height] in RegionC. Engineers in RegionB require a dynamic data masking rule for [Patients RegionB], [Height]. Yes. Engineers in RegionB have access to sensitive data, including medical data, which includes the [Height] column in the [Patients RegionB] table. Therefore, dynamic data masking should be implemented for the [Height] column in the [Patients RegionB] table.

This answer is clearly NO, NO, NO

The answer is No for all questions. Engineers have full access to all data so no need for data masking. Analysts have access to in region data already.