Identifying Unauthorized Data Access from Masked Columns in Azure SQL Database | Exam DP-200

Identifying Unauthorized Data Access from Masked Columns in Azure SQL Database

Question

You have an Azure SQL database that has masked columns.

You need to identify when a user attempts to infer data from the masked columns.

What should you use?

Answers

D

Explanations

Dynamic Data Masking is designed to simplify application development by limiting data exposure in a set of pre-defined queries used by the application. While Dynamic Data Masking can also be useful to prevent accidental exposure of sensitive data when accessing a production database directly, it is important to note that unprivileged users with ad-hoc query permissions can apply techniques to gain access to the actual data. If there is a need to grant such ad-hoc access, Auditing should be used to monitor all database activity and mitigate this scenario.

https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking

To identify when a user attempts to infer data from the masked columns in an Azure SQL database, we need to implement auditing. Therefore, the correct answer is option D: auditing.

Auditing allows us to monitor and log events that occur on an Azure SQL database. By enabling auditing, we can capture events such as successful and failed login attempts, SQL statements, and database schema changes. Auditing also provides an audit trail that can be used to investigate security incidents or compliance issues.

When we implement column-level data masking on an Azure SQL database, the data is still stored in the database in an unmasked state. The mask is applied to query results at retrieval time, and a user without the UNMASK permission can still reference the column in predicates (for example in a WHERE clause). Therefore, it is possible for a user to attempt to infer data from masked columns using SQL statements or other means.

By enabling auditing on the Azure SQL database, we can capture every statement that touches masked columns, including those issued by users who attempt to infer values. We can configure auditing to capture events related to data access and retrieval, and we can also specify the format and location of the audit log.
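The following T-SQL is an added example (not from the exam page or Microsoft's documentation) showing how a defender would use the audit trail to review activity against masked columns: it lists the columns protected by Dynamic Data Masking, then reads the blob audit log and flags statements that filter on a masked column and were issued by principals without UNMASK. It assumes auditing is already enabled to a storage account; the audit log URL is a placeholder and the statement-text matching is a heuristic.

```sql
-- Added example. Assumes Azure SQL Database auditing writes to blob storage;
-- the storage URL below is a placeholder, not a value from the page.

-- 1. Which columns does Dynamic Data Masking protect in this database?
SELECT
    OBJECT_SCHEMA_NAME(mc.object_id) AS schema_name,
    OBJECT_NAME(mc.object_id)        AS table_name,
    mc.name                          AS column_name,
    mc.masking_function
FROM sys.masked_columns AS mc
WHERE mc.is_masked = 1;

-- 2. Audited SELECT/EXECUTE statements that place a predicate on a masked
--    column, issued by a database principal that does not hold UNMASK.
--    (Text matching with LIKE is a heuristic for triage, not a parser.)
WITH masked AS (
    SELECT OBJECT_NAME(object_id) AS table_name, name AS column_name
    FROM sys.masked_columns
    WHERE is_masked = 1
),
unmask_holders AS (
    SELECT dp.name
    FROM sys.database_permissions AS p
    JOIN sys.database_principals  AS dp ON dp.principal_id = p.grantee_principal_id
    WHERE p.permission_name = 'UNMASK' AND p.state = 'G'
)
SELECT
    a.event_time,
    a.server_principal_name,
    a.database_principal_name,
    m.table_name,
    m.column_name,
    a.statement
FROM sys.fn_get_audit_file(
        'https://<storage-account>.blob.core.windows.net/sqldbauditlogs/<server>/<database>/',
        DEFAULT, DEFAULT) AS a
JOIN masked AS m
  ON a.statement LIKE '%' + m.table_name  + '%'
 AND a.statement LIKE '%WHERE%' + m.column_name + '%'   -- predicate on masked column
WHERE a.action_id IN ('SL', 'EX')          -- SL = SELECT, EX = EXECUTE
  AND a.succeeded = 1
  AND a.database_principal_name NOT IN (SELECT name FROM unmask_holders)
ORDER BY a.event_time DESC;
```

Review the flagged principals for repeated range or equality predicates on the same masked column over a short window; that pattern, rather than any single query, is what warrants follow-up or revoking ad-hoc query permissions.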

Azure Advanced Threat Protection (ATP) is a security solution that provides advanced threat detection and prevention for Azure resources. While ATP can help protect Azure SQL databases from various security threats, it is not specifically designed to identify when a user attempts to infer data from masked columns.

Custom masking rules allow us to define our own masking functions for specific columns in an Azure SQL database. While custom masking rules can help protect sensitive data, they do not provide a mechanism for identifying when a user attempts to infer data from masked columns.

Transparent Data Encryption (TDE) is a feature of Azure SQL database that encrypts data at rest. While TDE can help protect sensitive data in an Azure SQL database, it does not provide a mechanism for identifying when a user attempts to infer data from masked columns.