ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 2 question 19 discussion

Actual exam question from Microsoft's AZ-305
Question #: 19
Topic #: 2
[All AZ-305 Questions]

You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.

You plan to migrate DB1 to an Azure SQL managed instance.

You need to enable customer managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.

Which type of encryption algorithm and key length should you use for the TDE protector?

  • A. RSA 3072
  • B. AES 256
  • C. RSA 4096
  • D. RSA 2048
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by jose at Jan. 5, 2023, 9:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NotMeAnyWay
Highly Voted 1 year, 11 months ago
Selected Answer: A
A. RSA 3072 RSA 3072 provides a higher level of encryption strength compared to RSA 2048. While RSA 4096 offers even stronger encryption, it is not supported by Azure SQL Database and Azure SQL Managed Instance for TDE protectors. By choosing RSA 3072 for the TDE protector, you ensure strong encryption for your Azure SQL Managed Instance while complying with the platform's requirements. This will help protect sensitive data and maintain compliance with relevant security standards and regulations.
upvoted 26 times
chair123
12 months ago
Correct, Reference: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#:~:text=TDE%20protector%20can%20only%20be%20an%20asymmetric%2C%20RSA%2C%20or%20RSA%20HSM%20key.%20The%20supported%20key%20lengths%20are%202048%20bits%20and%203072%20bits.
upvoted 3 times
...
...
wdjonz
Highly Voted 1 year, 9 months ago
The Answer is A and here is why... Per https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?view=azuresql&tabs=azure-portal, if the TDE uses the system managed key, it uses a built in certificate for encryption, hence AES 256 if the TDE uses a customer managed key, then it uses an asymmetric RSA key at 2048 or 3072 And since the question says TDE is using the customer managed key... the answer is A Viola!
upvoted 9 times
...
[Removed]
Most Recent 3 months, 3 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
GabiBT
7 months, 1 week ago
Actualmente RSA 4096 ya es compatible con Azure SQL Database
upvoted 1 times
...
peterp007
1 year, 2 months ago
Was on my exam today - 4th Jan 2024
upvoted 9 times
...
babakeyfgir
1 year, 3 months ago
it was a exam Question
upvoted 6 times
...
Elecktrus
1 year, 5 months ago
Selected Answer: A
RSA 3072, because is custom managed
upvoted 2 times
...
sw1000
1 year, 9 months ago
Selected Answer: A
There are a lot of confusing elements in this question. At first it mentions on-premise SQL Server, which would allow AES or RSA ... However, the system is to be migrated over to Azure. And here the requirements for customer managed TDE are pretty clear and are listed here: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector AES can be enabled as an additional Infrastructure encryption to have two layers, but that was not the question here.
upvoted 3 times
...
Tr619899
1 year, 9 months ago
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?source=recommendations&view=azuresql#requirements-for-configuring-tde-protector A. 3072
upvoted 3 times
...
zellck
2 years ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector TDE protector can only be an asymmetric, RSA, or RSA HSM key. The supported key lengths are 2048 bytes and 3072 bytes.
upvoted 5 times
...
dagomo
2 years, 1 month ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector
upvoted 4 times
...
VBK8579
2 years, 1 month ago
Selected Answer: A
Answer A because Azure SQL Database and Azure Synapse Analytics support RSA 3072-bit key length for customer managed TDE with Bring Your Own Key (BYOK) configurations
upvoted 2 times
...
bigz2021
2 years, 1 month ago
A. RSA 3072 ( TDE protector can only be an asymmetric, RSA, or RSA HSM key. The supported key lengths are 2048 bytes and 3072 bytes.)
upvoted 4 times
...
OPT_001122
2 years, 1 month ago
Selected Answer: A
A. RSA 3072
upvoted 4 times
...
OPT_001122
2 years, 1 month ago
A. RSA 3072
upvoted 2 times
...
Liveroso
2 years, 1 month ago
Selected Answer: B
The answer is AES 256 Transparent Data Encryption (TDE) in Azure SQL Managed Instance uses the Advanced Encryption Standard (AES) algorithm to encrypt the data stored in the database and its backups. The AES algorithm is a symmetric encryption algorithm and it supports key lengths of 128, 192, and 256 bits. Among these, AES 256 provides the highest encryption strength and is considered the most secure option for TDE. Therefore, you should use AES 256 for the TDE protector. Check MS docs: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?view=azuresql&tabs=azure-portal
upvoted 3 times
study_for_azure
2 years ago
Per following contents in https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector To provide Azure SQL customers with two layers of encryption of data at rest, infrastructure encryption (using AES-256 encryption algorithm) with platform managed keys is being rolled out. This provides an addition layer of encryption at rest along with TDE with customer-managed keys, which is already available. ASE is platform managed key, this question is asking for customer managed keys, for now only RSA is qualified.
upvoted 5 times
...
...
armpro
2 years, 1 month ago
Selected Answer: A
Only RSA 3072 and RSA 2048 are supported for TDE protector maximum encryption possible is RSA 3072 https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector
upvoted 2 times
_punky_
4 months, 1 week ago
Check link he is right
upvoted 1 times
...
Liveroso
2 years, 1 month ago
The information provided is not accurate. Transparent Data Encryption (TDE) in Azure SQL Managed Instance uses the Advanced Encryption Standard (AES) algorithm to encrypt the data stored in the database and its backups. AES algorithm is a symmetric encryption algorithm, it supports key lengths of 128, 192, and 256 bits. Among these, AES 256 provides the highest encryption strength and is considered the most secure option for TDE. RSA is not used for TDE. RSA is an asymmetric encryption algorithm, it is used in many different encryption scenarios, not just for TDE. Therefore, you should use AES 256 for the TDE protector.
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago