Contoso has an Azure subscription in North Europe that contains the corporate infrastructure. The current infrastructure contains a Microsoft SQL Server 2017 database. The database contains the following tables.
The FeedbackJson column has a full-text index and stores JSON documents in the following format.
The support staff at Contoso never has the unmask permission.
Requirements
Contoso is deploying a new Azure SQL database that will become the authoritative data store for the following;
Sometimesthe ingestion pipeline fails due to malformed JSON and duplicate payloads.
The engineers at Contoso report that the following dashboard query runs slowly.
SELECT VehicleTd, Lastupdatedutc, EngineStatus, BatteryHealth FROM dbo.VehicleHealthSumary where fleetld- gFleetld ORDER BV LastUpdatedUtc DESC;
You review the execution plan and discover that the plan shows a clustered index scan.
vehicleincidentReports often contains details about the weather, traffic conditions, and location. Analysts report that it is difficult to find similar incidents based on these details
Planned Changes
Contoso wants to modernize Fleet Intelligence Platform to support Al-powered semantic search over
incident reports.
Security Requirements
Contoso identifies the following telemetry requirements:
• Telemetry data must be stored in a partitioned table.
• Telemetry data must provide predictable performance for ingestion and retention operations.
• latitude, longitude, and accuracy JSON properties must be filtered by using an index seek.
Contoso identifies the following maintenance data requirements:
• Ensure that any changes to a row in the MaintenanceEvents table updates the corresponding
value in the LastModif reduce column to the time of the change.
• Avoidrecursive updates.
AI Search, Embedding’s, and Vector indexing
The development learn at Contoso will use Microsoft Visual Studio Code and GitHub Copilot and will
retrieve live metadata from the databases. Contoso identifies the following requirements for
querying data in the FeedbackJson column of the customer-Feedback table:
• Extract the customer feedback text from the JSON document.
• Filter rows where the JSON text contains a keyword.
• Calculate a fuzzy similarity score between the feedback text and a known issue description.
• Orderthe results by similarity score, with the highest score first
View Mode
Q: 6
HOTSPOT You are creating a table that will store customer profiles. You have the following Transact-SQL code. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection Is worth one point.
Your Answer
Discussion
No comments yet. Be the first to comment.
Be respectful. No spam.
Correct Answer:
THE SCHEMA MEETS THE SECURITY REQUIREMENTS FOR PII DATA: YES
ADMINISTRATORS OF THE AZURE SQL SERVER CAN SEE ALL THE ROWS IN DBO.CUSTOMERPROFILES WHEN THEY USE AN APPLICATION: NO
THE MASKING RULES WILL APPLY EVEN WHEN ROW-LEVEL SECURITY (RLS) FILTERS OUT ROWS: YES
Explanation
Statement 1 (Yes): The Transact-SQL schema properly implements Dynamic Data Masking (DDM) functions (such as partial, email, and default) on columns containing Personally Identifiable Information (PII) like FullName, EmailAddress, and PhoneNumber. This limits sensitive data exposure to non-privileged users, satisfying standard application-level PII obfuscation requirements.
Statement 2 (No): Row-Level Security (RLS) filter predicates apply universally to all users, including those with database administrative privileges (db_owner or sysadmin). Unless the administrator is explicitly mapped in the dbo.UserRegionAccess lookup table (which the function relies on) or temporarily disables the security policy, the RLS policy will filter out the rows for them just as it does for standard users.
Statement 3 (Yes): Row-Level Security and Dynamic Data Masking are independent and fully compatible features. RLS applies first by filtering the rows at the database engine level. After RLS returns the permitted rows, DDM masking rules are successfully applied to those remaining rows before the result set is presented to the user.
Detail: Officially states that "RLS applies to all users, including dbo and sysadmin. However, users with permissions to alter the security policy can alter or drop the security policy..." confirming administrators cannot natively bypass active RLS filter predicates without administrative intervention.
Source: Row-level security - SQL Server | Microsoft Learn
Microsoft Learn: Dynamic Data Masking
Section: Dynamic Data Masking (Security features integration).
Detail: Confirms DDM limits data exposure for PII and explicitly notes that "Dynamic data masking can be used in conjunction with other SQL Server security features (auditing, encryption, row level security...)", verifying that masking rules persist concurrently with RLS row filtering.
Source: Dynamic data masking - SQL Server | Microsoft Learn
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection Is worth one point. 
