question

Rohitkulkarni-8220 avatar image
1 Vote"
Rohitkulkarni-8220 asked ·

Azure key Valut and Windows certificate store

Hello Team,

I am Practice the test paper for DP -200. For single question there are 2 answers in 2 differenct Practice Test Paper.

Paper 1 :

The data for the external applications needs to be encrypted at rest. You decide to implement the following steps

*)Use the Always Encrypted Wizard in SQL Server Management Studio

*)Select the column that needs to be encrypted

*)Set the encryption type to Deterministic

*)Configure the master key to be used from the Windows Certificate Store

*)Confirm the configuration and deploy the solution

Would these steps fulfill the requirement?

Answer : YES

Paper 2 :

The data for the external applications needs to be encrypted at rest. You decide to implement the following steps

*)Use the Always Encrypted Wizard in SQL Server Management Studio

*)Select the column that needs to be encrypted

*)Set the encryption type to Deterministic

*)Configure the master key to be used from Azure Key vault

*)Confirm the configuration and deploy the solution

Would these steps fulfil the requirement?

Answer :No

Please any one can you clarify what is the correct answer for Azure key Vault/Windows Certificate Store

Thanks in advance
RK

azure-key-vault
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
1 Vote"
JamesTran-MSFT answered ·

@Rohitkulkarni-8220

Looking at the question you posted, the main difference is one says "Configure the master key to be used from the Windows Certificate Store" while the other says Key Vault. I was able to look at the public documentation and will post my findings below.

Findings:

When it comes to the actual process of using the "Always Encrypted Wizard in SQL Server Management Studio".

  • This documentation states "Currently, you can store a CMK in the Windows certificate store, Azure Key Vault, or a hardware security module (HSM). However, within our docs only the Certificate Store walk-through documents the full process; while the Key Vault doc only goes to creating a Key Vault to store your keys.

For your test questions, it looks like both answers should be Yes/True.

When taking the actual exam, if you do run into these questions and would like to challenge the item(s). Please do so by following the steps outlined here - Exam policies and FAQ.

9962-challengeexamq.jpg


If this answer helped resolve your question. Please remember to "mark as answer" so that others in the community facing similar issues can easily find a solution.



challengeexamq.jpg (47.1 KiB)
· 3 · Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SyedPriom-2675 avatar image SyedPriom-2675 ·

Both Windows Certificate Store and Azure Key Vault can be used to store Master Key Configuration (CMK).

But If it's required that certificates and keys are managed on-premise data stores, then it's required to use Windows Certificate Store.

1 Vote 1 ·
JamesTran-MSFT avatar image JamesTran-MSFT ·

@Rohitkulkarni-8220

I just wanted to check in and see if my previous post helped answer your question or if you had any other questions.

Thank you for your time!


Please let us know if any of these answers helped resolve your question. If so, please remember to "mark as answer" so that others in the community facing similar issues can easily find a solution.

0 Votes 0 ·
JamesTran-MSFT avatar image JamesTran-MSFT JamesTran-MSFT ·

@Rohitkulkarni-8220

I just wanted to check in and see if my previous post helped answer your question or if you had any other questions.

Thank you for your time!


Please let us know if any of these answers helped resolve your question. If so, please remember to "mark as answer" so that others in the community facing similar issues can easily find a solution.

0 Votes 0 ·