Practice free →
HomeAzure AZ-500cloudcomputingaz500compstoragedb › Which Azure SQL Database feature should a securi…

Which Azure SQL Database feature should a security engineer recommend to encrypt sensitive columns CLIENT-SIDE so that even DB admins cannot see plaintext (e.g. PII)?

AAzure SQL Database Always Encrypted (with secure enclaves for richer query operations)
BAzure DNS
CTransparent Data Encryption (TDE — at-rest only, DBAs see plaintext)
DPublic table with no encryption
Answer & Solution
Correct answer: A. Azure SQL Database Always Encrypted (with secure enclaves for richer query operations)
Always Encrypted is client-side encryption opaque to DBAs (per AZ-500 §3 SQL Always Encrypted). TDE encrypts at rest but DBAs read plaintext; the others aren't encryption.
Solve this in the app — Azure AZ-500 practice & 24k+ MCQs →
Related questions