Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You manage an Azure SQL Database named SalesDB that contains a table called Payments. A dynamic data-masking rule masks the CreditCardNumber column for all database users. A nightly reporting job that connects with the login ReportSvc must continue to see the complete credit-card numbers, but no other additional permissions are required. Which action should you perform?
Change the masking function on CreditCardNumber from Default to Email.
Grant the UNMASK permission on the SalesDB database to the ReportSvc user.
Add the ReportSvc user to the built-in db_datareader role in SalesDB.
Enable Transparent Data Encryption (TDE) on SalesDB.
Dynamic data masking hides sensitive data unless a principal has the UNMASK permission or is a member of a high-privilege role such as db_owner. Granting the database-level UNMASK permission to the ReportSvc login (or contained user) allows that principal to view the original values while leaving the masking rule in place for all other users. Adding the account to roles such as db_datareader or db_ddladmin, changing the masking function, or enabling Transparent Data Encryption do not override masking. TDE encrypts data at rest and is unrelated to dynamic masking.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Dynamic Data Masking in Azure SQL Database?
Open an interactive chat with Bash
What is the UNMASK permission in SQL databases?
Open an interactive chat with Bash
What is the difference between Transparent Data Encryption (TDE) and Dynamic Data Masking?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .