Configure Data Access And Auditing Flashcards

1
Q

enables the encryption keys that protect the database files to be stored outside of the SQL Server environment such as a smartcard, a usb device, and the EKM module of Hardware Security Module (HSM). It also helps secure the SQL Server instance from database administrators because they will not necessarily have access to the external EKM/HSM module.

A

Extensible Key Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

is the root of the database engine’s encryption hierarchy and is generated automatically the first time it is needed to encrypt another key. By default, the SMK is encrypted using the Windows data protection API (DPAPI) at the operating system level, which uses the local machine key. The SMK can only be opened by the Windows service account that create it, or by a principal that knows the service account name and its password.

A

Service Master Key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is one of an organizations most important assets

A

data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a critical capability in any modern database engine?

A

ability to encrypt data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How long has column-level encryption been supported?

A

SQL Server 2005

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How are layers of encrypted protected?

A

protected by preceding layers of encryption that can use asymmetric keys, certificates, and symmetric keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

is a symmetric key used to protect the private keys of certificates and asymmetric keys that are present in the database.

A

Database Master Key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Data loss comes in many forms, what are 4?

A

hardware failure, database corruption, malicious activity, and user error.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Who is responsible for most organization’s data breaches?

A

employees

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An asymmetric key consists of a private and corresponding public key. Asymmetric encryption is computationally more expensive, but more secure than symmetric encryption. You can use an asymmetric key to encrypt a symmetric key within a database.

A

Asymmetric Key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A symmetric key is a single key that uses encryption. Symmetric encryption is generally used over asymmetric encryption because it is faster and less computationally expensive.

A

Symmetric Key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

are a digitally signed security object that contain a public (and optionally a private) key for SQL Server, which can generate these. You can also use externally generated ***s, and just like asymmetric keys, these can be used in asymmetric encryption.

A

Certificates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

When implementing column-level encryption, can encrypted data be compressed?

A

no

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

When implementing column-level encryption, can compressed data be encrypted?

A

yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

When using compression, when should you compress data?

A

you should compress data before encrypting it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

True or False, Does stronger encryption algorithms consume more processor resources?

A

True

17
Q

Which version of SQL Server can take advantage of hardware acceleration?

A

SQL Server 2016

18
Q

How does SQL Server 2016 take advantage of hardware acceleration?

A

using Intel AES-NI, when performing encryption/decryption tasks.

19
Q

Starting with SQL Server 2016, which algorithms are supported with database compatibility 130 or above?

A

AES-128, AES-192, and AES-256

20
Q

Why should you not use older encryption algorithms?

A

because they are fundamentally less secure.

21
Q

If you are encrypting a lot of data, what is the recommended method to encrypt the data?

A

encrypt the data using a symmetric key, and then encrypt the symmetric key with an asymmetric key.