Home » Microsoft » DP-200 v.2 » What should you use?
You have an Azure SQL database that has masked columns.
You need to identify when a user attempts to infer data from the masked columns.
What should you use?
A. Azure Advanced Threat Protection (ATP)
B. custom masking rules
C. Transparent Data Encryption (TDE)
D. auditing
Correct Answer: D
Explanation/Reference:
Explanation:
Dynamic Data Masking is designed to simplify application development by limiting data exposure in a set of pre-defined queries used by the application. While Dynamic Data Masking can also be useful to prevent accidental exposure of sensitive data when accessing a production database directly, it is important to note that unprivileged users with ad-hoc query permissions can apply techniques to gain access to the actual data. If there is a need to grant such ad-hoc access, Auditing should be used to monitor all database activity and mitigate this scenario.
References:
https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking