Microsoft Azure Security Engineer Associate AZ-500 Practice Question
The payroll application stores highly sensitive Personal Identifiable Information (PII). Security requirement: Azure operators, DBA, or anyone with database or VM-level access must not be able to read the data. Data must be encrypted on disk, in transit, and within SQL Server memory; only the client application can decrypt. Which built-in feature meets these requirements?
Always Encrypted encrypts selected columns with keys that are never revealed to the database engine. Because encryption and decryption occur only inside the client application, high-privilege roles such as Azure SQL Database administrators, VM administrators, or anyone with direct access to the database files or memory can see only ciphertext. Transparent Data Encryption protects data at rest but allows the engine (and privileged users) to view plaintext while queries run. Dynamic Data Masking hides data only in query results and is easily bypassed by privileged accounts. Row-level security restricts which rows a user can read but does not encrypt the data. Therefore, Always Encrypted is the only feature that satisfies the stated requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Always Encrypted ensure that privileged users cannot read sensitive data?
Open an interactive chat with Bash
What is the difference between Always Encrypted and Transparent Data Encryption (TDE)?
Open an interactive chat with Bash
What is the role of encryption keys in Always Encrypted?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .