Home » Microsoft » 70-764 v.2 » HOTSPOT
HOTSPOT
A company has the following Microsoft SQL Server instances Instance1 and Instance2. You plan to enable Always Encrypted for both instances.
You need to configure the instances to meet the following requirements:
Instance1 must use an initialization vector that is different each time the instance is initiated. Instance2 must use an initialization vector that is derived from an algorithm.
In the table below, identify the encryption type that must be used for each instance.
NOTE: Make only one selection in each column. Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Always Encrypted supports two types of encryption: randomized encryption and deterministic encryption.
Randomized encryption uses a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents searching, grouping, indexing, and joining on encrypted columns.
Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns. However, but may also allow unauthorized users to guess information about encrypted values by examining patterns in the encrypted column, especially if there is a small set of possible encrypted values, such as True/False, or North/South/East/West region.
References: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine