Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

6.4.5. Security & Governance Questions

Question 19

A healthcare company stores patient SSNs in Azure SQL Database. They need to ensure that even database administrators cannot view the actual SSN values. Which feature should they implement?

  • A. Transparent Data Encryption (TDE)
  • B. Dynamic Data Masking
  • C. Always Encrypted
  • D. Row-Level Security
Answer: C. Always Encrypted

Explanation: Always Encrypted ensures encryption keys never leave the client application—even DBAs with full database access see only encrypted values. TDE encrypts at rest but DBAs can still query data. Dynamic Data Masking is obfuscation, not true encryption.

Question 20

A compliance officer needs to understand how customer data flows from source systems through transformations to final reports, to demonstrate regulatory compliance. Which Microsoft service provides this capability?

  • A. Azure Monitor
  • B. Azure Advisor
  • C. Microsoft Purview
  • D. Azure Policy
Answer: C. Microsoft Purview

Explanation: Microsoft Purview provides data lineage—visual tracking of data from source to destination through all transformations. This is essential for regulatory compliance (GDPR, HIPAA). Monitor tracks performance; Advisor gives recommendations; Policy enforces rules.

Alvin Varughese
Written byAlvin Varughese
Founder15 professional certifications