Explanation:
Option D is the correct answer. Enabling SSL/TLS encryption for data in motion ensures that the data is protected during transmission. Additionally, using Azure Cosmos DB's built-in encryption at rest feature ensures that the data is encrypted when stored. Option A is incorrect because it only addresses encryption at rest. Option B is incorrect because client-side encryption can be complex to implement and manage. Option C is incorrect because Azure Key Vault can be used to manage encryption keys, but TDE is not applicable to Azure Cosmos DB.
Ultimate access to all questions.
You are tasked with implementing data encryption for a highly sensitive dataset stored in Azure Cosmos DB. Which of the following encryption methods should you use to ensure that data is protected at rest and in motion?
A
Use Azure Cosmos DB's built-in encryption at rest feature to encrypt the data automatically.
B
Implement client-side encryption to encrypt the data before sending it to Azure Cosmos DB and decrypt it after retrieving it.
C
Use Azure Key Vault to manage the encryption keys and implement Transparent Data Encryption (TDE) for Azure Cosmos DB.
D
Enable SSL/TLS encryption for data in motion and use Azure Cosmos DB's built-in encryption at rest feature.
No comments yet.