Answer: Transparent Data Encryption (TDE)

## Explanation To ensure data encryption at rest for an Azure Synapse Analytics data warehouse, **Transparent Data Encryption (TDE)** is the correct solution. ### Why TDE is the Optimal Choice: **Transparent Data Encryption (TDE)** is specifically designed to provide real-time encryption and decryption of data at rest without requiring changes to the application. For Azure Synapse Analytics (formerly SQL Data Warehouse), TDE: - **Automatically encrypts data at rest** including databases, associated backups, and transaction log files - **Uses AES-256 encryption** by default - **Operates transparently** to applications and users - no code modifications required - **Is enabled by default** on all Azure SQL databases, including Synapse Analytics dedicated SQL pools - **Provides protection** against unauthorized access to physical storage media ### Analysis of Other Options: - **A: Advanced Data Security for this database** - While this provides valuable security features like vulnerability assessment and threat detection, it does not directly handle data encryption at rest as its primary function. - **C: Secure transfer required** - This setting enforces encrypted connections to the database (encryption in transit), not encryption of data at rest on storage media. - **D: Dynamic Data Masking** - This feature protects sensitive data by masking it in query results for unauthorized users, but it does not encrypt the underlying stored data. ### Best Practice Considerations: For Azure Synapse Analytics, TDE is the foundational security control for data at rest protection. It should be complemented with other security measures like network security, access controls, and monitoring, but for the specific requirement of encrypting data at rest, TDE is the appropriate and standard solution.

Author: LeetQuiz Editorial Team