You have an Azure SQL database.
You implement Always Encrypted.
You need to ensure that application developers can retrieve and decrypt data in the database.
Which two pieces of information should you provide to the developers? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
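A. A stored access policy
B. A shared access signature (SAS)
C. The column encryption key
D. User credentials
E. The column master key
Answer: CE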
Always Encrypted uses two types of keys: column encryption keys and column master keys. A column encryption key is used to encrypt data in an encrypted column. A column master key is a key-protecting key that encrypts one or more column encryption keys.
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine
Always Encrypted is a security feature available in Azure SQL Database that encrypts sensitive data stored in a database using keys that are entirely managed outside the database. When Always Encrypted is implemented, data is protected both at rest and in transit. Data remains encrypted even during query processing.
To allow application developers to retrieve and decrypt data in the Azure SQL database, they will need two pieces of information. These are:
Column Encryption Key: This key is used to encrypt and decrypt data in the database. The application developers will need to have access to the column encryption key to decrypt data retrieved from the database. It is important to note that the column encryption key must be stored outside the database to ensure maximum security.
Column Master Key: The column master key is a key that protects the column encryption key. The application developers will need access to the column master key to access the column encryption key and decrypt the data in the database.
Therefore, the correct answers to the question are:
C. The column encryption key
E. The column master key
Option A, a stored access policy, and Option B, a shared access signature (SAS), are not applicable to this scenario. These are options used for granting temporary access to Azure Storage resources.
Option D, user credentials, is not applicable either. User credentials are used for authentication and access control, but they do not provide access to the encryption keys required to decrypt the data.
In summary, to allow application developers to retrieve and decrypt data in an Azure SQL database with Always Encrypted, they will need access to the column encryption key and the column master key.
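As an added example (not part of the original question or its explanation), the T-SQL below shows one way an administrator could check which column master key protects each column encryption key and grant an application principal the metadata permissions its driver needs. The principal AppDevUser and the table dbo.Patients are hypothetical names chosen for illustration.

```sql
-- Added example. AppDevUser and dbo.Patients are hypothetical names.

-- 1. Let the application principal read the key metadata that the client
--    driver uses to locate the column master key and the column
--    encryption key for each encrypted column.
GRANT VIEW ANY COLUMN MASTER KEY DEFINITION TO AppDevUser;
GRANT VIEW ANY COLUMN ENCRYPTION KEY DEFINITION TO AppDevUser;
GRANT SELECT ON dbo.Patients TO AppDevUser;

-- 2. Map each column encryption key to the column master key that
--    protects it, and show where that master key is held
--    (key store provider and key path).
SELECT cek.name  AS column_encryption_key,
       cmk.name  AS column_master_key,
       cmk.key_store_provider_name,
       cmk.key_path,
       cekv.encryption_algorithm_name AS key_wrapping_algorithm
FROM sys.column_encryption_keys AS cek
JOIN sys.column_encryption_key_values AS cekv
  ON cekv.column_encryption_key_id = cek.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
  ON cmk.column_master_key_id = cekv.column_master_key_id;

-- 3. List the encrypted columns and the column encryption key each uses,
--    so developers know which keys their application depends on.
SELECT OBJECT_SCHEMA_NAME(c.object_id) AS schema_name,
       OBJECT_NAME(c.object_id)        AS table_name,
       c.name                          AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       cek.name                        AS column_encryption_key
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS cek
  ON cek.column_encryption_key_id = c.column_encryption_key_id
WHERE c.column_encryption_key_id IS NOT NULL;

-- 4. On the client, the .NET SqlClient connection string must include
--    "Column Encryption Setting=Enabled", and the application identity
--    needs access to the key store named in key_path above.
```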