Question 4 - Microsoft Cybersecurity SC-100 Real Exam Questions [Jan 2026 Update]

Q: 4

Your company has on-premises Microsoft SQL Server databases. The company plans to move the databases to Azure. You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs. What should you include in the recommendation?

Options

Correct Answer:

Explanation

Azure SQL Database is a fully managed Platform as a Service (PaaS) offering. This model abstracts the underlying infrastructure, meaning Microsoft handles all patching and updates automatically, which directly fulfills the requirement to minimize operational requirements. It natively supports security features like Dynamic Data Masking to protect sensitive data. For migrating individual or groups of databases without complex instance-level dependencies, Azure SQL Database is generally the most cost-effective solution compared to other PaaS options like Azure SQL Managed Instance, thus meeting all the specified criteria.

Why Incorrect

A. Azure SQL Managed Instance: While it is a PaaS service that automates patching and supports dynamic data masking, it is typically more expensive than Azure SQL Database and is designed for migrations requiring instance-level features.

B. Azure Synapse Analytics dedicated SQL pools: This service is optimized for large-scale data warehousing and analytics, not for general-purpose transactional databases. It is an unnecessarily complex and costly option for this scenario.

D. SQL Server on Azure Virtual Machines: This is an Infrastructure as a Service (IaaS) solution. It requires the customer to manage and perform all patching for both the operating system and SQL Server, directly contradicting the requirement to minimize operational effort.

References

1. Microsoft Learn

"Choose an Azure SQL option": This document compares the Azure SQL offerings. It states that Azure SQL Database is a "fully managed SQL database" where "Microsoft is responsible for all patching and updating of the SQL code base". It also positions SQL Database as having the "Lowest cost in PaaS". For SQL Server on Azure VMs

it explicitly lists "OS and SQL Server patching" as a customer responsibility.

Reference Section: "Compare the options" table.

2. Microsoft Learn

"What is Azure SQL Database?": This document describes the service

stating it is a "fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading

patching

backups

and monitoring without user involvement."

Reference Section: "Overview".

3. Microsoft Learn

"Dynamic Data Masking": This documentation confirms that Dynamic Data Masking is a supported feature in Azure SQL Database

Azure SQL Managed Instance

and Azure Synapse Analytics.

Reference Section: "Applies to" and "Permissions".

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE