Exam DP-800 Topic 1 Question 96 Discussion
Actual exam question for Microsoft's DP-800 exam
Question #: 96
Topic #: 1
Question #: 96
Topic #: 1
You have an Azure SQL database named SalesDB and an Azure App Service app named sales- api. SalesDB contains a table named dbo.Customers. dbo.Customers contains two columns named CreditCardNumber and TenantId.
Currently, sales-api connects to SalesDB by using SQL authentication with stored username and password.
You need to recommend a solution that meets the following requirements:
- Provides a passwordless method for sales-api to access SalesDB.
- Ensures that credit card numbers are NOT stored as plain text.
What should you include in the recommendation?
Currently, sales-api connects to SalesDB by using SQL authentication with stored username and password.
You need to recommend a solution that meets the following requirements:
- Provides a passwordless method for sales-api to access SalesDB.
- Ensures that credit card numbers are NOT stored as plain text.
What should you include in the recommendation?
Suggested Answer: D Vote an answer
To move from SQL authentication to a more secure, passwordless architecture while protecting credit card data, you should implement Azure Managed Identities for authentication and Always Encrypted for data protection.
1. Enable Passwordless Authentication
Replace your stored username and password with a Managed Identity. This allows the App Service to authenticate with the database using its own identity, managed by Azure.
Step 1A: Enable Identity on App Service
Step 1B: Grant Database Access
Set an Entra ID (Active Directory) Admin for your SQL Server.
Connect to your database as that admin and run the following to create a user for your app:
Step 1C: Update Connection String
2. Protect Credit Card Numbers
Use Always Encrypted to ensure credit card numbers are encrypted before they even reach the database. The database engine never sees the plain text.
Step 2A: Store Encryption Keys
Step 2B: Encrypt the Column
Use the Always Encrypted Wizard in SQL Server Management Studio (SSMS).
Select the credit card column and choose Randomized encryption for maximum security (unless you need to search by exact matches, in which case use Deterministic).
Reference:
https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted- database-engine
1. Enable Passwordless Authentication
Replace your stored username and password with a Managed Identity. This allows the App Service to authenticate with the database using its own identity, managed by Azure.
Step 1A: Enable Identity on App Service
Step 1B: Grant Database Access
Set an Entra ID (Active Directory) Admin for your SQL Server.
Connect to your database as that admin and run the following to create a user for your app:
Step 1C: Update Connection String
2. Protect Credit Card Numbers
Use Always Encrypted to ensure credit card numbers are encrypted before they even reach the database. The database engine never sees the plain text.
Step 2A: Store Encryption Keys
Step 2B: Encrypt the Column
Use the Always Encrypted Wizard in SQL Server Management Studio (SSMS).
Select the credit card column and choose Randomized encryption for maximum security (unless you need to search by exact matches, in which case use Deterministic).
Reference:
https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted- database-engine
by David at Jun 27, 2026, 06:48 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).