This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Answer the following questions to check your understanding of the key concepts in this module.
Contoso's fraud detection AI service needs to query Azure SQL Database. Which authentication approach eliminates credential management while maintaining least-privilege access?
SQL authentication with a dedicated service account and a strong password stored in Azure Key Vault
A system-assigned managed identity with a Microsoft Entra ID contained database user mapped to the identity
A shared access signature scoped to the Azure SQL resource
A SQL sign-in using a service principal client secret rotated every 90 days
A cloud security engineer is configuring transparent data encryption with customer-managed keys for a regulated banking database. Which two Azure Key Vault settings are mandatory before the key can be attached to Azure SQL?
Soft-delete and purge protection must both be enabled on the Key Vault
The Key Vault must be in the same Azure region as the SQL server
The Key Vault must use RBAC authorization mode with the SQL Security Manager role assigned
The Key Vault must be dedicated to SQL encryption keys with no other secrets or certificates
A database administrator needs to prevent customer service representatives from seeing full credit card numbers in query results, while allowing the finance team to view unmasked values. Which Azure SQL feature provides granular column-level unmask permissions?
Row-level security with filter predicates scoped to the credit card column
Always Encrypted with role-based column encryption keys assigned per team
Dynamic data masking with GRANT UNMASK permissions scoped to the specific column
Transparent data encryption with a customer-managed key scoped per column
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?