Configure Data Access And Auditing Flashcards
enables the encryption keys that protect the database files to be stored outside of the SQL Server environment, such as on a smartcard, a USB device, or the EKM module of a Hardware Security Module (HSM). It also helps secure the SQL Server instance from database administrators because they will not necessarily have access to the external EKM/HSM module.
Extensible Key Management
is the root of the database engine’s encryption hierarchy and is generated automatically the first time it is needed to encrypt another key. By default, the SMK is encrypted using the Windows data protection API (DPAPI) at the operating system level, which uses the local machine key. The SMK can only be opened by the Windows service account that created it, or by a principal that knows the service account name and its password.
Service Master Key
What is one of an organization's most important assets?
data
What is a critical capability in any modern database engine?
ability to encrypt data
How long has column-level encryption been supported?
SQL Server 2005
How are layers of encryption protected?
protected by preceding layers of encryption that can use asymmetric keys, certificates, and symmetric keys
is a symmetric key used to protect the private keys of certificates and asymmetric keys that are present in the database.
Database Master Key
Data loss comes in many forms, what are 4?
hardware failure, database corruption, malicious activity, and user error.
Who is responsible for most organizations’ data breaches?
employees
An asymmetric key consists of a private and corresponding public key. Asymmetric encryption is computationally more expensive, but more secure than symmetric encryption. You can use an asymmetric key to encrypt a symmetric key within a database.
Asymmetric Key
A symmetric key is a single key used for both encryption and decryption. Symmetric encryption is generally used over asymmetric encryption because it is faster and less computationally expensive.
Symmetric Key
are a digitally signed security object that contains a public (and optionally a private) key for SQL Server, which can generate these. You can also use externally generated ***s, and just like asymmetric keys, these can be used in asymmetric encryption.
Certificates
When implementing column-level encryption, can encrypted data be compressed?
no
When implementing column-level encryption, can compressed data be encrypted?
yes
When using compression, when should you compress data?
you should compress data before encrypting it.