Answer-first summary for fast verification
Answer: Utilize dynamic data masking in Azure SQL Database to conditionally mask sensitive data based on the user's role and permissions, ensuring that unauthorized users cannot view the sensitive information while authorized users can access the original data for analytics.
Option B is the most effective approach because it leverages Azure SQL Database's dynamic data masking feature to provide conditional access to sensitive data based on user roles and permissions. This method complies with GDPR by protecting sensitive information from unauthorized access while still allowing authorized users to perform analytics on the original data. It also minimizes operational costs by utilizing built-in Azure features without the need for additional data processing or storage solutions. This approach strikes the right balance between data security, compliance, and usability for analytics.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
In a scenario where you are tasked with implementing data masking for a dataset that contains sensitive customer information, such as credit card numbers, within a Microsoft Azure environment. The solution must comply with GDPR regulations, ensure that the data remains usable for analytics by authorized users, and minimize operational costs. Considering these constraints, which of the following approaches would be the most effective to protect the sensitive data while still allowing for analytics? Choose one option.
A
Implement static data masking by creating a copy of the dataset where sensitive data is permanently altered, and provide access to this masked dataset for all users, regardless of their permissions.
B
Utilize dynamic data masking in Azure SQL Database to conditionally mask sensitive data based on the user's role and permissions, ensuring that unauthorized users cannot view the sensitive information while authorized users can access the original data for analytics.
C
Exclude the sensitive columns from all views and datasets entirely, providing access only to non-sensitive data for all users, which simplifies compliance but may limit analytics capabilities.
D
Apply column-level encryption to the sensitive data and manage decryption keys separately, requiring users to request decryption for each access, which ensures high security but may introduce latency and complexity for analytics.