Answer-first summary for fast verification
Answer: Enable Transparent Data Encryption (TDE) for the pool.
## Explanation ### Understanding the Requirements - **Scenario**: Azure Synapse Analytics dedicated SQL pool - **Primary requirement**: Enable encryption at rest for data in the pool - **Critical constraint**: No modifications to applications that query the data ### Analysis of Options **Option B - Enable Transparent Data Encryption (TDE) for the pool** ✅ - **Optimal Choice**: TDE is specifically designed for Azure SQL Database and Azure Synapse Analytics dedicated SQL pools to provide encryption at rest - **Transparency**: TDE performs real-time encryption and decryption of data at the storage level, making it completely transparent to applications - **No Application Changes Required**: Applications continue to query data normally without any code modifications - **Automated Process**: TDE encrypts the database, log files, and backups without requiring application-level changes - **Industry Standard**: Uses AES-256 encryption algorithm for robust security **Option A - Enable encryption at rest for Azure Data Lake Storage Gen2** ❌ - **Incorrect Scope**: This addresses storage encryption for Data Lake Storage, not the dedicated SQL pool itself - **Does Not Meet Requirement**: While Data Lake Storage may be used in the broader Synapse environment, this doesn't encrypt the SQL pool data at rest **Option C - Use customer-managed key for double encryption** ❌ - **Workspace-Level Solution**: This applies to the entire Synapse workspace, not specifically to the dedicated SQL pool - **Creation Requirement**: Double encryption typically requires configuration during workspace creation, not post-deployment - **Not the Most Direct Solution**: While it provides enhanced security, TDE is the direct and standard method for SQL pool encryption **Option D - Create Azure Key Vault and grant access** ❌ - **Incomplete Solution**: This sets up key management infrastructure but doesn't actually enable encryption for the SQL pool - **Additional Steps Required**: Key Vault integration is part of TDE configuration with customer-managed keys, but this alone doesn't enable encryption ### Why TDE is the Correct Solution Transparent Data Encryption is the built-in, purpose-built feature for encrypting Azure Synapse Analytics dedicated SQL pools at rest. It operates at the database engine level, automatically encrypting data before writing to disk and decrypting when reading, ensuring zero impact on application functionality while meeting the encryption requirement.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have an Azure Synapse Analytics dedicated SQL pool. You must ensure that the data is encrypted at rest. The solution cannot require any changes to the applications that query the data. What should you do?
A
Enable encryption at rest for the Azure Data Lake Storage Gen2 account.
B
Enable Transparent Data Encryption (TDE) for the pool.
C
Use a customer-managed key to enable double encryption for the Azure Synapse workspace.
D
Create an Azure key vault in the Azure subscription grant access to the pool.
No comments yet.