Answer-first summary for fast verification
Answer: Always Encrypted
The requirement is to prevent Contoso developers, who are assigned the db_owner role for the ClaimsDB database, from viewing the data in the MedicalHistory column. Always Encrypted is the appropriate solution as it ensures that the sensitive data remains encrypted throughout the database and not visible even to database administrators with roles such as db_owner. Dynamic Data Masking would not be effective in this case because users with privileged roles like db_owner can bypass masking and view the actual data.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
As a Microsoft Certified Cybersecurity Architect Expert, you have been approached by Contoso to secure their sensitive data. The developers at Contoso have specific requirements: they must be prevented from viewing the data located in a column named MedicalHistory within the ClaimDetails table. Considering this context, you need to recommend an appropriate solution that ensures the confidentiality of the MedicalHistory data in the ClaimsDetail table while meeting the developers' requirements.
A
row-level security (RLS)
B
Transparent Data Encryption (TDE)
C
Always Encrypted
D
data classification
E
dynamic data masking