Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to prevent security attacks based on the Tabular Data Stream (TDS) Protocol.
Solution: Enable token-based multi-factor authentication without a gateway appliance.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: B
Explanation:
Anyone using TLS must be mindful of how certificates are validated. The first thing an attacker is likely to try against any TLS implementation is to conduct a man-in-the-middle attack that presents self-signed or otherwise forged certificates to TLS clients (and servers, if client certificates are in use). To its credit, Microsoft’s implementation of TDS is safe in the sense that it enables certificate validation by default, which prevents this attack.
From Scenario: Common security issues such as SQL injection and XSS must be prevented.
Database-related security issues must not result in customers’ data being exposed.
Note:
TDS depends on Transport Layer Security (TLS)/Secure Socket Layer (SSL) for network channel encryption.
The Tabular Data Stream (TDS) Protocol is an application-level protocol used for the transfer of requests and responses between clients and database server systems. In such systems, the client will typically establish a long-lived connection with the server. Once the connection is established using a transport-level protocol, TDS messages are used to communicate between the client and the server. A database server can also act as the client if needed, in which case a separate TDS connection has to be established.
References:
https://summitinfosec.com/2017/12/19/advanced-sql-server-mitm-attacks/
https://msdn.microsoft.com/en-us/library/dd304492.aspx