Provisioning SQL Databases — Question 18

Note: This questions is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your company has several Microsoft Azure SQL Database instances.
Data encryption should be allowed to be implemented by the client applications that access the data. Encryption keys should not be made available to the database engine.
You need to configure the database.
What should you implement?

Answer options

• A. transport-level encryption
• B. cell-level encryption
• C. Transparent Data Encryption
• D. Always Encrypted
• E. Encrypting File System
• F. BitLocker
• G. dynamic data masking

Correct answer: A

Explanation

The correct answer is A, transport-level encryption, which secures data in transit between the client application and the database. Other options like cell-level encryption and Transparent Data Encryption involve the database engine managing encryption keys, which does not meet the requirement of keeping keys away from the database engine.