Designing Azure Infrastructure Solutions — Question 13
You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.
You plan to migrate DB1 to an Azure SQL managed instance.
You need to enable customer-managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.
Which type of encryption algorithm and key length should you use for the TDE protector?
Answer options
- A. RSA 3072
- B. AES 256
- C. RSA 4096
- D. RSA 2048
Correct answer: A
Explanation
The correct answer is A, RSA 3072, because it provides a strong level of security suitable for TDE, balancing strength and performance. AES 256 is also strong, but it is not suitable for TDE protectors, and the other RSA options, RSA 2048 and RSA 4096, do not maximize encryption strength compared to RSA 3072.