Storage Security (1 / 10): Your company is storing sensitive user data in an Azure SQL Database and also needs to securely send this data to a third-party analytics service. To ensure the security of the data, you need to select the appropriate encryption strategies. Which of the following strategies should you adopt?
Answer:
Use Transport Layer Security (TLS) for data in transit to the analytics service and Azure Storage Service Encryption (SSE) for data at rest in Azure SQL Database. Transport Layer Security (TLS) is meant to secure data when it's in transit i.e., when it's being moved from one place to another over a network. In this case, it's used when the data is being sent to the analytics service. On the other hand, Azure Storage Service Encryption (SSE) is designed to protect data at rest i.e., when it's stored and not moving. In this case, it's used to secure the data that is stored in Azure SQL Database.
Other options are incorrect because they mix-up the roles of encryption-at-rest and encryption-in-transit. For example, Azure Key Vault is not an encryption service but is used for managing cryptographic keys, and TLS is not used for data at rest.