Microsoft Administering Relational Databases on Microsoft Azure (DP-300日本語版) - DP-300日本語 FREE EXAM DUMPS QUESTIONS & ANSWERS

Explanation:

Basic Concept: This question tests high availability and disaster recovery design for Azure SQL, SQL Server on Azure VMs, and regional failure scenarios.
Why the selected answer is Correct: The selected values fit this scenario because they apply the required Azure SQL configuration at the correct scope and sequence: Which three backups should you restore in sequence?
Why the alternate choices are Wrong: The alternate selections apply to different administrative stages or different scopes. In a hotspot or drag-drop task, order and scope are part of the answer, so a technically valid Azure feature can still be wrong if it is placed in the wrong step.

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

See the explanation part for the complete Solution.
Explanation:
Use SQL Server Management Studio Always Encrypted Wizard and encrypt:
Database: db1
Schema: SalesLT
Table: Customer
Column: LastName
Encryption feature: Always Encrypted
Column master key store: Windows Certificate Store
Do not use Transparent Data Encryption. TDE encrypts the database at rest, but this task specifically requires Always Encrypted, which protects selected columns and keeps the encryption keys outside the database engine. Microsoft states that Always Encrypted uses column encryption keys to encrypt column data and column master keys to protect those column encryption keys. Column master keys are stored outside the database system, such as in the Windows certificate store.
Method 1 - SSMS Always Encrypted Wizard
This is the correct method for the simulation.
Step 1: Open SSMS and connect to Azure SQL Database
Open SQL Server Management Studio.
Connect to the Azure SQL logical server that hosts db1.
Use a SQL admin account or Microsoft Entra admin account.
In Options > Connection Properties, select database:
db1
Connect.
If SSMS cannot connect, go to the Azure portal and add your client IP address under the SQL server firewall
/networking settings.
Step 2: Open the table column
In Object Explorer:
Expand Databases.
Expand db1.
Expand Tables.
Expand:
SalesLT.Customer
Expand Columns.
Locate:
LastName
Microsoft confirms that the Always Encrypted Wizard can be launched at the database, table, or individual column level. For one column, the cleanest path is to launch it directly from the column.
Step 3: Launch the Always Encrypted Wizard
Right-click the LastName column, then select:
Encrypt Column
or, depending on the SSMS version:
Always Encrypted Wizard
Alternative path:
Right-click db1 > Tasks > Always Encrypted Wizard
Then manually select:
SalesLT.Customer.LastName
Step 4: Select the LastName column for encryption
On the Column Selection page:
Find:
SalesLT.Customer.LastName
Select the checkbox for LastName.
Set the encryption type.
Use:
Randomized
unless the lab specifically requires searching or equality filtering on LastName.
Reason: Randomized encryption is stronger because identical plaintext values produce different ciphertext values. Deterministic encryption allows equality lookups, joins, grouping, and indexing, but leaks more pattern information because identical plaintext values produce identical encrypted values. Microsoft describes deterministic encryption as query-friendly but more pattern-revealing, while randomized encryption is more secure but does not support normal searching/grouping/joining without secure enclaves.
For this task, the requirement is only to encrypt the LastName column, so Randomized is the safer default.
Step 5: Choose or create a Column Encryption Key
For Encryption Key, select a new key such as:
CEK_Auto1
or create a new column encryption key if one does not already exist.
This is the key that encrypts the data in the LastName column. Microsoft states that a column encryption key encrypts the data in encrypted columns, and the column master key encrypts/protects the column encryption key.
Select Next.
Step 6: Configure the Column Master Key in Windows Certificate Store
On the key configuration page, create a new Column Master Key.
Use settings like:
Setting
Value
Column master key name
CMK_WindowsCert or default generated name
Key store
Windows Certificate Store
Certificate location
Current User
Certificate
Generate new certificate
Column encryption key
CEK_Auto1 or default generated CEK
In many SSMS versions, the wizard creates both:
CMK_Auto1
CEK_Auto1
That is acceptable as long as the CMK key store is Windows Certificate Store.
Microsoft states that SQL Server Management Studio supports column master keys stored in the Windows Certificate Store, and that a column master key can be a certificate stored in Windows Certificate Store.
Step 7: Run the wizard
On the final wizard pages:
Review the configuration.
Choose:
Proceed to finish now
or:
Run immediately
Select Finish.
SSMS will generate the column master key metadata, column encryption key metadata, and perform the data encryption operation. Microsoft explains that the wizard can encrypt selected columns and can generate a new column master key and column encryption key when needed.
During encryption, SSMS may temporarily create a new table, copy data, encrypt the selected column, and swap the table back, depending on whether secure enclaves are used. Microsoft notes that the wizard can move data out of the database and perform cryptographic operations inside the SSMS process when secure enclave in-place encryption is not used.
Verification Steps
Step 1: Confirm Always Encrypted metadata exists
Run this in db1:
SELECT
name,
key_store_provider_name,
key_path
FROM sys.column_master_keys;
You should see a column master key that uses the Windows certificate store provider.
Then run:
SELECT
name
FROM sys.column_encryption_keys;
You should see the column encryption key created by the wizard.
Step 2: Confirm LastName is encrypted
Run:
SELECT
t.name AS table_name,
c.name AS column_name,
c.encryption_type_desc,
cek.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.tables AS t
ON c.object_id = t.object_id
LEFT JOIN sys.column_encryption_keys AS cek
ON c.column_encryption_key_id = cek.column_encryption_key_id
WHERE t.name = ' Customer '
AND SCHEMA_NAME(t.schema_id) = ' SalesLT '
AND c.name = ' LastName ' ;
Expected result:
table_name: Customer
column_name: LastName
encryption_type_desc: RANDOMIZED
column_encryption_key: CEK_Auto1 or similar
If you selected deterministic encryption, the expected value will be:
DETERMINISTIC
The key requirement is that encryption_type_desc is no longer NULL.
Step 3: Test viewing the encrypted column
Open a new SSMS query connection without Always Encrypted enabled and run:
SELECT TOP 10 LastName
FROM SalesLT.Customer;
You should not see normal plaintext values.
Then reconnect with Always Encrypted enabled:
In SSMS, select Connect > Database Engine.
Select Options.
Go to Additional Connection Parameters.
Add:
Column Encryption Setting=Enabled
Connect again.
Run:
SELECT TOP 10 LastName
FROM SalesLT.Customer;
A client that has access to the Windows certificate/private key should be able to decrypt the values. Microsoft explains that the database stores encrypted data and key metadata, while client-side components with access to the column master key perform encryption and decryption.
Important Exam Notes
Do not choose Azure Key Vault
The task explicitly says:
You must use the Windows Certificate Store.
So the column master key should not be stored in Azure Key Vault.
Wrong:
Azure Key Vault
Correct:
Windows Certificate Store
Do not use TDE
TDE is not column-level Always Encrypted. It encrypts database files/logs at rest, but users and administrators querying the database still see plaintext if they have SQL permissions.
Correct technology:
Always Encrypted
Correct key store:
Windows Certificate Store
Correct target column:
SalesLT.Customer.LastName

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

See the explanation part for the complete Solution.
Explanation:
To enable change data capture (CDC) for db1, you need to run the stored procedure sys.sp_cdc_enable_db in the database context. CDC is a feature that records activity on a database when tables and rows have been modified1. CDC can be used for various scenarios, such as data synchronization, auditing, or ETL processes2.
Here are the steps to enable CDC for db1:
Connect to db1 using SQL Server Management Studio, Azure Data Studio, or any other tool that supports Transact-SQL statements.
Open a new query window and run the following command: EXEC sys.sp_cdc_enable_db; GO This command will enable CDC for the database and create the cdc schema, cdc user, metadata tables, and other system objects for the database3.
To verify that CDC is enabled for db1, you can query the is_cdc_enabled column in the sys.databases catalog view. The value should be 1 for db1.
These are the steps to enable CDC for db1

See the explanation part for the complete Solution.
Explanation:
To prevent db1 from reverting to the last known good query plan, you need to disable the automatic plan correction feature for the database. This feature is enabled by default and allows the Query Store to detect and fix plan performance regressions by forcing the last good plan1. However, if you want to test the performance of different plans without interference from the Query Store, you can turn off this feature by using the ALTER DATABASE SCOPED CONFIGURATION statement2.
Here are the steps to disable the automatic plan correction feature for db1:
Connect to db1 using SQL Server Management Studio, Azure Data Studio, or any other tool that supports Transact-SQL statements.
Open a new query window and run the following command: ALTER DATABASE SCOPED CONFIGURATION SET AUTOMATIC_TUNING (FORCE_LAST_GOOD_PLAN = OFF); GO This command will disable the automatic plan correction feature for db1 and allow the Query Optimizer to choose the best plan based on the current statistics and parameters3.
To verify that the automatic plan correction feature is disabled for db1, you can query the sys.
database_scoped_configurations catalog view. The value of the force_last_good_plan column should be 0 for db1.
These are the steps to disable the automatic plan correction feature for db1.

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Explanation:

Box 1: Full and log backups only
Make sure to take every backup on a separate backup media (backup files). Azure Database Migration Service doesn ' t support backups that are appended to a single backup file. Take full backup and log backups to separate backup files.
Box 2: WITH CHECKSUM
Azure Database Migration Service uses the backup and restore method to migrate your on-premises databases to SQL Managed Instance. Azure Database Migration Service only supports backups created using checksum.
Reference:
https://docs.microsoft.com/en-us/azure/dms/known-issues-azure-sql-db-managed-instance-online Basic Concept: This question tests choosing the correct Azure migration approach by matching the source platform, target service, downtime tolerance, and administrative effort.
Why the selected answer is Correct: The selected values fit this scenario because they apply the required Azure SQL configuration at the correct scope and sequence: You need to perform an online migration of DB1 to an Azure SQL Database managed instance by using Azure Database Migration Service.
Why the alternate choices are Wrong: The alternate selections would either use a migration tier that does not match the downtime requirement, choose a network resource that does not support the migration path, or add an unnecessary deployment component.

Explanation:

Box 1: SET AUTOMATIC_TUNING = AUTO
To enable automatic tuning on a single database via T-SQL, connect to the database and execute the following query:
ALTER DATABASE current SET AUTOMATIC_TUNING = AUTO
Setting automatic tuning to AUTO will apply Azure Defaults.
Box 2: SET AUTOMATIC_TUNING (FORCE_LAST_GOOD_PLAN = ON)
To configure individual automatic tuning options via T-SQL, connect to the database and execute the query such as this one:
ALTER DATABASE current SET AUTOMATIC_TUNING (FORCE_LAST_GOOD_PLAN = ON) Setting the individual tuning option to ON will override any setting that database inherited and enable the tuning option. Setting it to OFF will also override any setting that database inherited and disable the tuning option.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/automatic-tuning-enable

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).