Exam SC-100 topic 3 question 26 discussion

Actual exam question from Microsoft's SC-100
Question #: 26
Topic #: 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing the encryption standards for data at rest for an Azure resource.
You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.
Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).
Does this meet the goal?

  • A. Yes
  • B. No
Suggested Answer: A

Comments

zellck
5 months, 2 weeks ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql Azure SQL transparent data encryption (TDE) with customer-managed key (CMK) enables Bring Your Own Key (BYOK) scenario for data protection at rest, and allows organizations to implement separation of duties in the management of keys and data. With customer-managed TDE, the customer is responsible for and in a full control of a key lifecycle management (key creation, upload, rotation, deletion), key usage permissions, and auditing of operations on keys.
upvoted 1 times
CertShooter
10 months, 2 weeks ago
Selected Answer: A
Yes, this solution meets the goal of ensuring that the data at rest is encrypted by using AES-256 keys and supporting rotating the encryption keys monthly. Transparent Data Encryption (TDE) is a feature of Azure SQL that allows you to encrypt your databases and their backups with AES-256 keys. By using TDE with customer-managed keys (CMKs), you can manage the encryption keys yourself, which means that you have full control over the keys and can rotate them on a regular basis. This can help ensure that your data at rest is encrypted using AES-256 keys and that the encryption keys are rotated regularly to enhance security.
upvoted 4 times
JakeCallham
1 year ago
Selected Answer: A
Answer is yes, see provided link: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-key-rotation?view=azuresql&tabs=azure-portal#automatic-key-rotation
upvoted 4 times
JOKERO
1 year ago
I would say no, because TDE is asymmetric key (can't be AES). In this scenario, the key used for encryption of the Database Encryption Key (DEK), called TDE protector, is a customer-managed asymmetric key stored in a customer-owned and customer-managed Azure Key Vault. To provide Azure SQL customers with two layers of encryption of data at rest, infrastructure encryption (using AES-256 encryption algorithm) with platform managed keys is being rolled out.
upvoted 2 times
JakeCallham
1 year ago
You are wrong: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-key-rotation?view=azuresql&tabs=azure-portal You can do it. Answer is Yes.
upvoted 2 times
Jacquesvz
10 months, 3 weeks ago
Agreed. I also found this article that talks to the TDE using AES 256: https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-ver16#enable-tde
upvoted 1 times
zts
1 year, 1 month ago
Selected Answer: A
The requirement says: "solution must support rotating the encryption keys monthly" - you cannot do this if Microsoft manages the keys.
upvoted 3 times
PlumpyTumbler
1 year, 1 month ago
CMK to configure monthly rotation. If Microsoft is managing the key, you don't control it. CMK is more expensive because that's a resource in your subscription. From the docs: "By default, the data is encrypted at rest with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management."
upvoted 4 times
WickedMJ
1 year, 1 month ago
So what is the answer?
upvoted 1 times
JakeCallham
1 year ago
Answer is yes
upvoted 1 times
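
Added example (not part of the original discussion or of Microsoft's documentation): one way to script the monthly-rotation setup the comments describe, using the Azure CLI. The resource names and the P30D/P90D intervals are placeholders chosen for illustration, and the script assumes the SQL server's managed identity already has Get, Wrap Key and Unwrap Key permissions on the vault.

```bash
#!/usr/bin/env bash
# Added example: monthly rotation for a customer-managed TDE protector.
# All resource names are placeholders (assumptions), not values from the page.
RG="rg-example"; SQL_SERVER="sql-example"; VAULT="kv-example"; KEY="tde-protector"

# Accept only simple ISO 8601 day/month/year durations such as P30D or P1M.
valid_period() {
  printf '%s' "$1" | grep -Eq '^P[1-9][0-9]*[DMY]$'
}

# Emit a Key Vault rotation policy: create a new key version <rotate_after>
# after the current one was created, and stamp each new version with <expiry>.
rotation_policy() {
  local rotate_after="$1" expiry="$2"
  valid_period "$rotate_after" && valid_period "$expiry" || return 1
  cat <<EOF
{
  "lifetimeActions": [
    { "trigger": { "timeAfterCreate": "$rotate_after" }, "action": { "type": "Rotate" } }
  ],
  "attributes": { "expiryTime": "$expiry" }
}
EOF
}

apply_config() {
  local policy_file kid
  policy_file="$(mktemp)" || return 1
  rotation_policy "P30D" "P90D" > "$policy_file" || return 1
  # The TDE protector is an asymmetric RSA key; it wraps the database encryption key.
  az keyvault key create --vault-name "$VAULT" --name "$KEY" --kty RSA --size 2048
  az keyvault key rotation-policy update --vault-name "$VAULT" --name "$KEY" --value "$policy_file"
  kid="$(az keyvault key show --vault-name "$VAULT" --name "$KEY" --query key.kid -o tsv)"
  # Register the key with the server, then make it the protector and follow new versions.
  az sql server key create --resource-group "$RG" --server "$SQL_SERVER" --kid "$kid"
  az sql server tde-key set --resource-group "$RG" --server "$SQL_SERVER" \
    --server-key-type AzureKeyVault --kid "$kid" --auto-rotation-enabled true
  rm -f "$policy_file"
}

# Azure calls run only when requested explicitly: ./script.sh apply
if [ "${1:-}" = "apply" ]; then apply_config; fi
```

Rotating the protector re-wraps the database encryption key under the new key version; the data itself is not re-encrypted.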