Question

You need to design an enterprise data warehouse in Azure SQL Database with a table titled customers. You need to ensure that the customer supportive staff can identify the customers by matching the few characters of their email addresses but the full email addresses of the customers should not be visible to them. Which of the following would you include in the solution?

A. Row-level security

B. Encryption

C. Column Level Security

D. Dynamic Data Masking

E. Any of the above can be used

Answer 1

Correct Answer: D

Reason:-

Dynamic data masking is helpful in preventing unauthorized access to sensitive data by empowering the clients to specify how much of the sensitive data to disclose with minimum impact on the application layer. In this policy-based security feature, the sensitive data is hidden in the output of a query over specified database fields, but there is no change in the data in the database.

For example: *******abc@gmail.com

Option A is incorrect. Row-level security is used to enable the restricted access i.e who can access what type of data.

Option B is incorrect. Encryption is not the right solution.

Option C is incorrect. Column level security won’t help in limiting the exposure of sensitive data.

Option D is correct. In the given scenario, there is a need to use Dynamic data masking to limit the sensitive data exposure to non-privileged users.

Option E is incorrect. Dynamic Data Masking is the right answer.