Enable Encryption at Rest in Azure Synapse Analytics Data Warehouse

A

Azure SQL Database currently supports encryption at rest for Microsoft-managed service side and client-side encryption scenarios.

-> Support for server encryption is currently provided through the SQL feature called Transparent Data Encryption.

-> Client-side encryption of Azure SQL Database data is supported through the Always Encrypted feature.

The correct answer is A. Transparent Data Encryption (TDE).

Explanation: Transparent Data Encryption (TDE) is a feature in Azure Synapse Analytics that provides encryption of data at rest. With TDE enabled, the data is automatically encrypted before it is written to disk, and automatically decrypted when it is read from disk. TDE uses a symmetric key called the database encryption key (DEK) to encrypt the data. The DEK is protected by a certificate or an asymmetric key that is stored in Azure Key Vault.

Secure transfer required (option B) is not relevant to encrypting data at rest. It is a setting that ensures that all communication between the client and the server is encrypted using SSL/TLS.

Always Encrypted (option C) is a feature in SQL Server that encrypts data at the column level. It allows you to encrypt sensitive data such as credit card numbers or social security numbers before storing it in the database. However, Always Encrypted does not provide encryption at rest. It only encrypts data when it is transmitted over the network.

Advanced Data Security (option D) is a feature in Azure Synapse Analytics that provides advanced threat protection for the data warehouse. It includes features such as vulnerability assessment, advanced threat protection, and data discovery and classification. While it helps protect against threats, it does not provide encryption at rest.