Question 99 of 115 from exam AZ-304: Microsoft Azure Architect Design

Question

HOTSPOT -

You have an Azure SQL database named DB1.

You need to recommend a data security solution for DB1. The solution must meet the following requirements:

-> When helpdesk supervisors query DB1, they must see the full number of each credit card.

-> When helpdesk operators query DB1, they must see only the last four digits of each credit card number.

-> A column named Credit Rating must never appear in plain text within the database system, and only client applications must be able to decrypt the Credit Rating column.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Explanations

Box 1: Dynamic data masking -

Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. It's a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed.

Box 2: Always encrypted -

Data stored in the database is protected even if the entire machine is compromised, for example by malware. Always Encrypted leverages client-side encryption: a database driver inside an application transparently encrypts data before sending it to the database. Similarly, the driver decrypts encrypted data retrieved in query results.

https://azure.microsoft.com/en-us/blog/transparent-data-encryption-or-always-encrypted/
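The two recommendations expressed as T-SQL for DB1, as an added example that is not part of the original question or of Microsoft's documentation. The table, role, user and key names (dbo.Customers, HelpdeskOperators, HelpdeskSupervisors, OperatorTest, SupervisorTest, CEK_CreditRating) are assumptions, and the column encryption key is assumed to have been provisioned already, with its column master key held outside the database.

```sql
-- Constructed demo schema; all object names are assumptions, not from the question.
CREATE TABLE dbo.Customers (
    CustomerId       INT IDENTITY(1,1) PRIMARY KEY,
    -- Dynamic data masking: by default a query returns only the last four digits.
    CreditCardNumber VARCHAR(19)
        MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL
);
INSERT INTO dbo.Customers (CreditCardNumber)
VALUES ('4111-1111-1111-1111');  -- constructed test value

CREATE ROLE HelpdeskOperators;
CREATE ROLE HelpdeskSupervisors;
GRANT SELECT ON dbo.Customers TO HelpdeskOperators;
GRANT SELECT ON dbo.Customers TO HelpdeskSupervisors;
-- Only supervisors may bypass the mask; operators keep the default masked view.
GRANT UNMASK TO HelpdeskSupervisors;

-- Test principals used to check the policy from each role's point of view.
CREATE USER OperatorTest   WITHOUT LOGIN;
CREATE USER SupervisorTest WITHOUT LOGIN;
ALTER ROLE HelpdeskOperators   ADD MEMBER OperatorTest;
ALTER ROLE HelpdeskSupervisors ADD MEMBER SupervisorTest;

EXECUTE AS USER = 'OperatorTest';
SELECT CreditCardNumber FROM dbo.Customers;  -- operator: mask is applied
REVERT;

EXECUTE AS USER = 'SupervisorTest';
SELECT CreditCardNumber FROM dbo.Customers;  -- supervisor: UNMASK lifts the mask
REVERT;

-- Always Encrypted: the engine stores and returns ciphertext only.
-- Assumes CEK_CreditRating already exists in this database.
ALTER TABLE dbo.Customers ADD [Credit Rating] SMALLINT
    ENCRYPTED WITH (
        COLUMN_ENCRYPTION_KEY = CEK_CreditRating,
        ENCRYPTION_TYPE       = RANDOMIZED,
        ALGORITHM             = 'AEAD_AES_256_CBC_HMAC_SHA_256'
    ) NULL;
```

Masking changes only the result set, so the stored card number is still plain text in DB1; the Credit Rating column is different in that plaintext exists only in a client whose driver has column encryption enabled and can reach the column master key.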