DP-203: Data Engineering on Microsoft Azure


Question 221

Mike wants to gain insights should any unusual activity be occurring with his storage account with minimal configuration. What can Mike use to achieve this?
Encryption
Storage account signature
Automatic Threat Detection




Answer is Automatic Threat Detection

Automatic Threat Detection is used to proactively advise if there is any unusual activity with a storage account. Encryption is used to protect data at rest or when in transit. It is not used to give access to data in a storage account. Storage account signature does not exist.

Question 222

Which of the following is the most efficient way to secure a database to allow only access from a VNet while restricting access from the internet?
An allow access to Azure services rule
A server-level IP address rule
A server-level virtual network rule
A database-level IP address rule




Answer is A server-level virtual network rule

A server-level virtual network rule lets you allow connectivity from specific Azure VNet subnets and blocks access from the internet. This is the most efficient way to secure this configuration.

Question 223

A mask has been applied to a column in the database that holds a user’s email address, laura@contoso.com. From the list of options, what would the mask display for a database administrator account?
lxxx@xxxx.com
laura@contoso.com
laura@xxxxxxx.com
Data not available




Answer is laura@contoso.com

laura@contoso.com. When database administrator accounts access data that have a mask applied, the mask is removed, and the original data is visible.

Question 224

You need to set the encryption for the data stored in Stream Analytics. What should you do?
Use Transport Layer Security v1.2
Set server-level IP address rule
It cannot be done




Answer is It cannot be done

As Stream Analytics does not store data, you will be unable to set the encryption for the data stored in Stream Analytics. As a result, using Transport Layer Security v1.2 or a server-level IP address rule is not correct in the context of this question.

Question 225

Authentication for an Event hub is defined with a combination of an Event Publisher and which other component?
Shared Access Signature
Storage Account Key
Transport Layer Security v1.2




Answer is Shared Access Signature

A Shared Access Signature in combination with an Event Publisher is used to define authentication for an event hub.

Question 226

You develop data engineering solutions for a company. The company has on-premises Microsoft SQL Server databases at multiple locations.

The company must integrate data with Microsoft Power BI and Microsoft Azure Logic Apps. The solution must avoid single points of failure during connection and transfer to the cloud. The solution must also minimize latency.

You need to secure the transfer of data between on-premises databases and Microsoft Azure.

What should you do?
Install a standalone on-premises Azure data gateway at each location
Install an on-premises data gateway in personal mode at each location
Install an Azure on-premises data gateway at the primary location
Install an Azure on-premises data gateway as a cluster at each location




Answer is Install an Azure on-premises data gateway as a cluster at each location

You can create high availability clusters of On-premises data gateway installations, to ensure your organization can access on-premises data resources used in Power BI reports and dashboards. Such clusters allow gateway administrators to group gateways to avoid single points of failure in accessing on-premises data resources. The Power BI service always uses the primary gateway in the cluster, unless it’s not available. In that case, the service switches to the next gateway in the cluster, and so on.

References:
https://docs.microsoft.com/en-us/power-bi/service-gateway-high-availability-clusters

Question 227

A project requires the deployment of data to Azure Data Lake Storage.
You need to implement role-based access control (RBAC) so that project members can manage the Azure Data Lake Storage resources.

Which three actions should you perform?
Assign Azure AD security groups to Azure Data Lake Storage.
Configure end-user authentication for the Azure Data Lake Storage account.
Configure service-to-service authentication for the Azure Data Lake Storage account.
Create security groups in Azure Active Directory (Azure AD) and add project members.
Configure access control lists (ACL) for the Azure Data Lake Storage account.




Answers are:
Assign Azure AD security groups to Azure Data Lake Storage.
Create security groups in Azure Active Directory (Azure AD) and add project members.
Configure access control lists (ACL) for the Azure Data Lake Storage account.


AD: Create security groups in Azure Active Directory. Assign users or security groups to Data Lake Storage Gen1 accounts.
E: Assign users or security groups as ACLs to the Data Lake Storage Gen1 file system

References:
https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-secure-data

Question 228

You have an Azure SQL database that has masked columns.
You need to identify when a user attempts to infer data from the masked columns.

What should you use?
Azure Advanced Threat Protection (ATP)
custom masking rules
Transparent Data Encryption (TDE)
auditing




Answer is auditing

Dynamic Data Masking is designed to simplify application development by limiting data exposure in a set of pre-defined queries used by the application. While Dynamic Data Masking can also be useful to prevent accidental exposure of sensitive data when accessing a production database directly, it is important to note that unprivileged users with ad-hoc query permissions can apply techniques to gain access to the actual data. If there is a need to grant such ad-hoc access, Auditing should be used to monitor all database activity and mitigate this scenario.

References:
https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking

Question 229

You have an Azure SQL database named DB1 that contains a table named Table1. Table1 has a field named Customer_ID that is varchar(22).
You need to implement masking for the Customer_ID field to meet the following requirements: Solution: You implement data masking and use a credit card function mask.

Does this meet the goal?
Yes
No




Answer is No

Must use Custom Text data masking, which exposes the first and last characters and adds a custom padding string in the middle.

References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-dynamic-data-masking-get-started

Question 230

You have an Azure SQL database named DB1 that contains a table named Table1. Table1 has a field named Customer_ID that is varchar(22).
You need to implement masking for the Customer_ID field to meet the following requirements: Solution: You implement data masking and use a random number function mask.

Does this meet the goal?
Yes
No




Answer is No

Must use Custom Text data masking, which exposes the first and last characters and adds a custom padding string in the middle.

References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-dynamic-data-masking-get-started
