You plan to deploy an Azure SQL database that will store Personally Identifiable Information (PII). You need to ensure that only privileged users can view the PII. What should you include in the solution?
A. dynamic data masking
Dynamic Data Masking (DDM) is a feature in Azure SQL Database that helps you protect sensitive data by obfuscating it from non-privileged users. DDM allows you to define masking rules on specific columns, so that the data in those columns is automatically replaced with a masked value when queried by users without the appropriate permissions. This ensures that only privileged users can view the actual Personally Identifiable Information (PII), while other users will see the masked data.
The best choice here is A. Dynamic Data Masking. Here’s why:
Dynamic Data Masking (DDM)
Purpose: DDM helps protect sensitive data from unauthorized access by masking the data at the query result level. This means that non-privileged users will only see masked data (e.g., partially hidden) instead of the actual PII.
Implementation: It dynamically hides the PII, which is ideal for ensuring that only authorized users can view the full, unmasked data.
Why not the others?
Role-Based Access Control (RBAC)
RBAC controls who has access to the database but doesn’t directly mask or hide PII.
Data Discovery & Classification
This helps you identify and classify sensitive data, but it doesn't restrict access to PII.
Transparent Data Encryption (TDE)
TDE protects data at rest by encrypting the database files. It doesn’t prevent privileged users from viewing the data once they have access to the database.
A is the answer.
https://learn.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview?view=azuresql
Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. It's a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed.
Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics support dynamic data masking. Dynamic data masking limits sensitive data exposure by masking it to non-privileged users.
Answer is: A
Agree on A
https://learn.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview?view=azuresql
SQL users excluded from masking - A set of SQL users or Azure AD identities that get unmasked data in the SQL query results. Users with administrator privileges are always excluded from masking, and see the original data without any mask.
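The behaviour the comments above describe, as an added T-SQL example that is not part of the original discussion: masking rules on PII columns, a non-privileged reader, and a privileged reader granted UNMASK. The table, column and user names and the sample row are constructed for illustration.

```sql
-- Hypothetical table: three PII columns carry masking rules.
CREATE TABLE dbo.Customer (
    CustomerId INT IDENTITY PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    Phone      VARCHAR(20)   MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)') NULL,
    NationalId CHAR(11)      MASKED WITH (FUNCTION = 'default()') NULL
);

-- Constructed sample row.
INSERT INTO dbo.Customer (FullName, Email, Phone, NationalId)
VALUES (N'Sample Person', N'sample.person@example.com', '555-010-1234', '000-00-0000');

-- Hypothetical database users: one non-privileged, one privileged.
CREATE USER SupportAgent   WITHOUT LOGIN;
CREATE USER PrivacyOfficer WITHOUT LOGIN;
GRANT SELECT ON dbo.Customer TO SupportAgent;
GRANT SELECT ON dbo.Customer TO PrivacyOfficer;

-- UNMASK is what excludes a user from masking.
GRANT UNMASK TO PrivacyOfficer;

-- Non-privileged reader: Email, Phone and NationalId come back masked.
EXECUTE AS USER = 'SupportAgent';
SELECT CustomerId, FullName, Email, Phone, NationalId FROM dbo.Customer;
REVERT;

-- Privileged reader: the same query returns the stored values.
EXECUTE AS USER = 'PrivacyOfficer';
SELECT CustomerId, FullName, Email, Phone, NationalId FROM dbo.Customer;
REVERT;

-- Review check 1: which columns are actually masked, and how.
SELECT OBJECT_NAME(object_id) AS table_name, name AS column_name, masking_function
FROM sys.masked_columns
WHERE is_masked = 1;

-- Review check 2: which principals hold UNMASK in this database.
SELECT pr.name AS principal_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'UNMASK';
```

Masking changes only the query result set, not the stored data, so the two review queries are worth running periodically to confirm that every PII column is covered and that UNMASK is held only by the intended principals.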