
Answer-first summary for fast verification
Answer: column-level encryption
## Detailed Analysis

### Requirements Breakdown:

- **Users must be able to identify potentially fraudulent transactions** - This requires access to transaction data for analysis
- **Users must be able to use credit card information as a potential feature in models** - The credit card data must be usable for machine learning/modeling purposes
- **Users must NOT be able to access the actual credit card numbers** - The raw credit card numbers must be protected from direct access

### Evaluation of Options:

**C. Column-level encryption** - **✓ OPTIMAL SOLUTION**

- **Why it works**: Column-level encryption allows specific columns (like credit card numbers) to be encrypted while still enabling operations on the data. Users can work with the encrypted values as features in models without accessing the actual plaintext credit card numbers.
- **How it meets requirements**: The encrypted credit card data can be used as features in fraud detection models while keeping the actual numbers protected. Mathematical operations and comparisons can still be performed on the encrypted data.
- **Azure Synapse Analytics support**: Column-level encryption is supported in dedicated SQL pools through symmetric key encryption capabilities.

**A. Transparent Data Encryption (TDE)** - **✗ NOT SUITABLE**

- TDE encrypts data at rest (database files) but automatically decrypts data when queried
- Users would still see the actual credit card numbers in plaintext when querying the data
- Does not provide column-level protection or prevent access to specific sensitive data

**B. Row-level security (RLS)** - **✗ NOT SUITABLE**

- RLS restricts access to entire rows based on user identity or other predicates
- Does not protect specific columns within accessible rows
- Users who can access transaction rows would still see the credit card numbers

**D. Azure Active Directory (Azure AD) pass-through authentication** - **✗ NOT SUITABLE**

- This is an authentication mechanism, not a data protection solution
- Controls who can access the database but doesn't protect specific data elements within it
- Does not address the requirement to hide credit card numbers while allowing their use as features

### Best Practice Considerations:

Column-level encryption is the industry-standard approach for protecting specific sensitive columns while maintaining data utility for analytical purposes. It aligns with the principle of least privilege by allowing users to work with the data they need without exposing unnecessary sensitive information.
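The symmetric-key column encryption referred to above, sketched in T-SQL as an added example that is not part of the original answer. The table `dbo.Transactions`, its columns, the key and certificate names, and the `FraudAnalysts` role are constructed for illustration, and the password is a placeholder.

```sql
-- Constructed schema: dbo.Transactions(TransactionId, CardNumber varchar(19), ...)
-- Constructed names: CardCert, CardKey, CardNumberEnc, FraudAnalysts

-- 1. Key hierarchy: database master key -> certificate -> symmetric key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password>';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects the card number key';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;

-- 2. Encrypt the existing plaintext column into a new varbinary column
ALTER TABLE dbo.Transactions ADD CardNumberEnc varbinary(256) NULL;

OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
UPDATE dbo.Transactions
SET CardNumberEnc = ENCRYPTBYKEY(KEY_GUID('CardKey'), CardNumber);
CLOSE SYMMETRIC KEY CardKey;

-- 3. Remove the plaintext once the encrypted column has been verified
ALTER TABLE dbo.Transactions DROP COLUMN CardNumber;

-- 4. Analysts may read the table but hold no rights on the key or certificate
CREATE ROLE FraudAnalysts;
GRANT SELECT ON OBJECT::dbo.Transactions TO FraudAnalysts;
DENY VIEW DEFINITION ON SYMMETRIC KEY::CardKey TO FraudAnalysts;
DENY CONTROL ON CERTIFICATE::CardCert TO FraudAnalysts;

-- 5. Query to run as a FraudAnalysts member. DECRYPTBYKEY returns NULL
--    when the symmetric key is not open in the session.
SELECT TOP 5 TransactionId, CardNumberEnc,
    CONVERT(varchar(19), DECRYPTBYKEY(CardNumberEnc)) AS CardNumberPlain
FROM dbo.Transactions;
```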
Author: LeetQuiz Editorial Team
You are designing a database for an Azure Synapse Analytics dedicated SQL pool to support workloads for detecting ecommerce transaction fraud. Data will be combined from multiple ecommerce sites and can include sensitive financial information such as credit card numbers.
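You need to recommend a solution that meets the following requirements:

- Users must be able to identify potentially fraudulent transactions.
- Users must be able to use credit card information as a potential feature in models.
- Users must NOT be able to access the actual credit card numbers.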
What should you include in the recommendation?

- A. Transparent Data Encryption (TDE)
- B. row-level security (RLS)
- C. column-level encryption
- D. Azure Active Directory (Azure AD) pass-through authentication