Developing Solutions for Microsoft Azure (legacy) — Question 21

You need to ensure that the SecurityPin security requirements are met.

Answer options

• A. Configure the web application to connect to the database using the WebAppIdentity security principal. Using the Azure Portal, add Data Masking to the SecurityPin column and exclude the WebAppIdentity service principal.
• B. Using the Azure Portal, add Data Masking to the SecurityPin column, and exclude the dbo user. Add a SQL security policy with a filter predicate based on the user identity.
• C. Enable Always Encrypted for the SecurityPin column using a certificate based on a trusted certificate authority. Update the Getting Started document with instructions to ensure that the certificate is installed on user machines.
• D. Enable Always Encrypted for the SecurityPin column using a certificate contained in Azure Key Vault and grant the WebAppIdentity service principal access to the certificate.

Correct answer: D

Explanation

The correct answer is D because it ensures that the SecurityPin is encrypted with a certificate that is securely stored and managed in Azure Key Vault, which enhances security by restricting access. Options A and B do not implement encryption for the SecurityPin, and option C does not utilize Azure Key Vault, which is crucial for secure certificate management.