Configure Data Access And Auditing

Question 1

enables the encryption keys that protect the database files to be stored outside of the SQL Server environment such as a smartcard, a usb device, and the EKM module of Hardware Security Module (HSM). It also helps secure the SQL Server instance from database administrators because they will not necessarily have access to the external EKM/HSM module.

Answer 1

Extensible Key Management

Question 2

is the root of the database engine’s encryption hierarchy and is generated automatically the first time it is needed to encrypt another key. By default, the SMK is encrypted using the Windows data protection API (DPAPI) at the operating system level, which uses the local machine key. The SMK can only be opened by the Windows service account that create it, or by a principal that knows the service account name and its password.

Answer 2

Service Master Key

Question 3

What is one of an organizations most important assets

Answer 3

data

Question 4

What is a critical capability in any modern database engine?

Answer 4

ability to encrypt data

Question 5

How long has column-level encryption been supported?

Answer 5

SQL Server 2005

Question 6

How are layers of encrypted protected?

Answer 6

protected by preceding layers of encryption that can use asymmetric keys, certificates, and symmetric keys

Question 7

is a symmetric key used to protect the private keys of certificates and asymmetric keys that are present in the database.

Answer 7

Database Master Key

Question 8

Data loss comes in many forms, what are 4?

Answer 8

hardware failure, database corruption, malicious activity, and user error.

Question 9

Who is responsible for most organization’s data breaches?

Answer 9

employees

Question 10

An asymmetric key consists of a private and corresponding public key. Asymmetric encryption is computationally more expensive, but more secure than symmetric encryption. You can use an asymmetric key to encrypt a symmetric key within a database.

Answer 10

Asymmetric Key

Question 11

A symmetric key is a single key that uses encryption. Symmetric encryption is generally used over asymmetric encryption because it is faster and less computationally expensive.

Answer 11

Symmetric Key

Question 12

are a digitally signed security object that contain a public (and optionally a private) key for SQL Server, which can generate these. You can also use externally generated ***s, and just like asymmetric keys, these can be used in asymmetric encryption.

Answer 12

Certificates

Question 13

When implementing column-level encryption, can encrypted data be compressed?

Answer 13

no

Question 14

When implementing column-level encryption, can compressed data be encrypted?

Answer 14

yes

Question 15

When using compression, when should you compress data?

Answer 15

you should compress data before encrypting it.

Question 16

True or False, Does stronger encryption algorithms consume more processor resources?

Answer 16

True

Question 17

Which version of SQL Server can take advantage of hardware acceleration?

Answer 17

SQL Server 2016

Question 18

How does SQL Server 2016 take advantage of hardware acceleration?

Answer 18

using Intel AES-NI, when performing encryption/decryption tasks.

Question 19

Starting with SQL Server 2016, which algorithms are supported with database compatibility 130 or above?

Answer 19

AES-128, AES-192, and AES-256

Question 20

Why should you not use older encryption algorithms?

Answer 20

because they are fundamentally less secure.

Question 21

If you are encrypting a lot of data, what is the recommended method to encrypt the data?

Answer 21

encrypt the data using a symmetric key, and then encrypt the symmetric key with an asymmetric key.