Exam AZ-305 topic 2 question 19 discussion

Actual exam question from Microsoft's AZ-305
Question #: 19
Topic #: 2

You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.

You plan to migrate DB1 to an Azure SQL managed instance.

You need to enable customer managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.

Which type of encryption algorithm and key length should you use for the TDE protector?

  • A. RSA 3072
  • B. AES 256
  • C. RSA 4096
  • D. RSA 2048
Suggested Answer: A

Comments

NotMeAnyWay
Highly Voted 1 year, 5 months ago
Selected Answer: A
A. RSA 3072

RSA 3072 provides a higher level of encryption strength compared to RSA 2048. While RSA 4096 offers even stronger encryption, it is not supported by Azure SQL Database and Azure SQL Managed Instance for TDE protectors. By choosing RSA 3072 for the TDE protector, you ensure strong encryption for your Azure SQL Managed Instance while complying with the platform's requirements. This will help protect sensitive data and maintain compliance with relevant security standards and regulations.
upvoted 23 times
chair123
6 months ago
Correct, Reference: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#:~:text=TDE%20protector%20can%20only%20be%20an%20asymmetric%2C%20RSA%2C%20or%20RSA%20HSM%20key.%20The%20supported%20key%20lengths%20are%202048%20bits%20and%203072%20bits.
upvoted 2 times
...
...
wdjonz
Highly Voted 1 year, 3 months ago
The answer is A and here is why...

Per https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?view=azuresql&tabs=azure-portal:

If the TDE uses the system managed key, it uses a built-in certificate for encryption, hence AES 256.
If the TDE uses a customer managed key, then it uses an asymmetric RSA key at 2048 or 3072.

And since the question says TDE is using the customer managed key... the answer is A. Voilà!
upvoted 9 times
...
GabiBT
Most Recent 1 month, 1 week ago
RSA 4096 is now supported by Azure SQL Database.
upvoted 1 times
...
peterp007
8 months, 1 week ago
Was on my exam today - 4th Jan 2024
upvoted 9 times
...
babakeyfgir
9 months, 2 weeks ago
It was an exam question.
upvoted 6 times
...
Elecktrus
11 months, 4 weeks ago
Selected Answer: A
RSA 3072, because it is custom managed
upvoted 2 times
...
sw1000
1 year, 3 months ago
Selected Answer: A
There are a lot of confusing elements in this question. At first it mentions on-premise SQL Server, which would allow AES or RSA ... However, the system is to be migrated over to Azure. And here the requirements for customer managed TDE are pretty clear and are listed here: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector AES can be enabled as an additional Infrastructure encryption to have two layers, but that was not the question here.
upvoted 3 times
...
Tr619899
1 year, 3 months ago
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?source=recommendations&view=azuresql#requirements-for-configuring-tde-protector A. 3072
upvoted 2 times
...
zellck
1 year, 6 months ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector TDE protector can only be an asymmetric, RSA, or RSA HSM key. The supported key lengths are 2048 bytes and 3072 bytes.
upvoted 5 times
...
dagomo
1 year, 7 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector
upvoted 4 times
...
VBK8579
1 year, 7 months ago
Selected Answer: A
Answer A because Azure SQL Database and Azure Synapse Analytics support RSA 3072-bit key length for customer managed TDE with Bring Your Own Key (BYOK) configurations
upvoted 2 times
...
bigz2021
1 year, 7 months ago
A. RSA 3072 ( TDE protector can only be an asymmetric, RSA, or RSA HSM key. The supported key lengths are 2048 bytes and 3072 bytes.)
upvoted 4 times
...
OPT_001122
1 year, 7 months ago
Selected Answer: A
A. RSA 3072
upvoted 4 times
...
OPT_001122
1 year, 7 months ago
A. RSA 3072
upvoted 2 times
...
Liveroso
1 year, 7 months ago
Selected Answer: B
The answer is AES 256.

Transparent Data Encryption (TDE) in Azure SQL Managed Instance uses the Advanced Encryption Standard (AES) algorithm to encrypt the data stored in the database and its backups. The AES algorithm is a symmetric encryption algorithm and it supports key lengths of 128, 192, and 256 bits. Among these, AES 256 provides the highest encryption strength and is considered the most secure option for TDE. Therefore, you should use AES 256 for the TDE protector.

Check MS docs: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?view=azuresql&tabs=azure-portal
upvoted 3 times
study_for_azure
1 year, 7 months ago
Per the following contents in https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector

"To provide Azure SQL customers with two layers of encryption of data at rest, infrastructure encryption (using AES-256 encryption algorithm) with platform managed keys is being rolled out. This provides an additional layer of encryption at rest along with TDE with customer-managed keys, which is already available."

AES is a platform managed key; this question is asking for customer managed keys, and for now only RSA is qualified.
upvoted 5 times
...
...
armpro
1 year, 7 months ago
Selected Answer: A
Only RSA 3072 and RSA 2048 are supported for TDE protector; maximum encryption possible is RSA 3072.
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-tde-protector
upvoted 1 times
Liveroso
1 year, 7 months ago
The information provided is not accurate. Transparent Data Encryption (TDE) in Azure SQL Managed Instance uses the Advanced Encryption Standard (AES) algorithm to encrypt the data stored in the database and its backups. AES algorithm is a symmetric encryption algorithm, it supports key lengths of 128, 192, and 256 bits. Among these, AES 256 provides the highest encryption strength and is considered the most secure option for TDE. RSA is not used for TDE. RSA is an asymmetric encryption algorithm, it is used in many different encryption scenarios, not just for TDE. Therefore, you should use AES 256 for the TDE protector.
upvoted 1 times
...
...
RandomNickname
1 year, 8 months ago
From what I can find, I agree with A, RSA 3072 maximum encryption. AES256 for built-in cert. As per below URL, with SQL MI customer managed key https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql It's not RSA4096 since that's for storage encryption as per below; https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview & https://learn.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key & https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption
upvoted 2 times
...
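A pre-flight check for the requirement quoted several times in the thread (TDE protector must be an RSA or RSA HSM key of 2048 or 3072 bits), as an added example that is not part of the original discussion or Microsoft's code. It assumes the key is available as a JWK-style dictionary with `kty` and base64url `n` fields; the function names and sample keys are hypothetical, and `allowed_bits` is a parameter because a later comment says 4096 is now accepted.

```python
import base64

# Key types and lengths as quoted in the thread from the BYOK requirements.
ALLOWED_KTY = {"RSA", "RSA-HSM"}
ALLOWED_BITS = {2048, 3072}


def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url, the encoding JWK uses for 'n' and 'e'."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def modulus_bits(jwk: dict) -> int:
    """Key length is the bit length of the RSA modulus, not a stored field."""
    return int.from_bytes(b64url_decode(jwk["n"]), "big").bit_length()


def check_tde_protector(jwk: dict, allowed_bits=ALLOWED_BITS) -> list:
    """Return a list of problems; an empty list means the key qualifies."""
    kty = jwk.get("kty")
    if kty not in ALLOWED_KTY:
        # Symmetric (e.g. AES) and EC keys are rejected before any size check.
        return [f"key type {kty!r} is not RSA or RSA-HSM"]
    bits = modulus_bits(jwk)
    if bits not in allowed_bits:
        return [f"RSA key length {bits} not in {sorted(allowed_bits)}"]
    return []


def fake_jwk(kty: str, bits: int) -> dict:
    """Constructed sample: filler modulus of the right size, not a real key."""
    raw = b"\xc1" + b"\x5a" * (bits // 8 - 1)
    n = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return {"kty": kty, "n": n, "e": "AQAB"}


if __name__ == "__main__":
    samples = {
        "RSA 2048": fake_jwk("RSA", 2048),
        "RSA 3072 (HSM)": fake_jwk("RSA-HSM", 3072),
        "RSA 4096": fake_jwk("RSA", 4096),
        "AES 256": {"kty": "oct"},  # constructed symmetric-key placeholder
    }
    for label, jwk in samples.items():
        print(label, "->", check_tde_protector(jwk) or "acceptable")
```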
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted