Home » Microsoft » 70-535 v.2 » What should you do?
You need to ensure that data security requirements are met.
What should you do?
A. Enable Role-Based Access Control (RBAC) for each database.
B. Use Azure Key Vault HSM for encrypting the results of the analysis
C. Ensure that all applications use Cosmos DB secondary master keys.
D. Generate Cosmos DB resource tokens for each collection.
Correct Answer: D
Explanation/Reference:
Explanation:
Resource tokens provide access to the application resources within a database. Resource tokens:
Provide access to specific collections, partition keys, documents, attachments, stored procedures, triggers, and UDFs.
Are created when a user is granted permissions to a specific resource.
You can use a resource token (by creating Cosmos DB users and permissions) when you want to provide access to resources in your Cosmos DB account to a client that cannot be trusted with the master key.
Scenario: Security and Personally Identifiable Information (PII)
Access to the analysis results must be limited to the specific customer account of the user that originally uploaded the documents.
Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data#resource-tokens