About This Flashcard Deck
This flashcard deck contains 5 cards covering key Data & Application Security concepts for the AZ-500 exam. Practice data protection and encryption concepts for AZ-500. Use active recall by attempting to answer each question before revealing the answer. Research shows that flashcard-based active recall is one of the most effective study techniques for certification exams.
Question
What is the difference between TDE and Always Encrypted?
Click to reveal answer
Answer
TDE encrypts the entire database at rest (transparent to apps). Always Encrypted encrypts specific columns client-side; even DBAs cannot see plaintext.
Click to flip back
All Data & Application Security Flashcards
Q: What is the difference between TDE and Always Encrypted?
A: TDE encrypts the entire database at rest (transparent to apps). Always Encrypted encrypts specific columns client-side; even DBAs cannot see plaintext.
Q: What is Key Vault purge protection?
A: Prevents permanent deletion of vault objects during the soft-delete retention period. Even with Owner permissions, purging is blocked.
Q: How do you secure an Azure Storage account?
A: Disable public blob access, require HTTPS, use private endpoints, enable soft delete, configure SAS with short expiration, and use customer-managed keys.
Q: What is Azure Information Protection?
A: A classification and labeling system that applies encryption, rights management, and visual markings to documents and emails based on sensitivity labels.
Q: What are the storage account encryption options?
A: Microsoft-managed keys (default, no config needed), Customer-managed keys in Key Vault, or Customer-provided keys (per-request with Blob storage).
Effective Azure Flashcard Study Method
For Azure certifications, we recommend the spaced repetition approach: review these flashcards daily for the first week, then every other day for two weeks, then weekly until your exam date. Focus extra time on cards related to Azure service comparisons — understanding when to choose between similar services (e.g., App Service vs. AKS vs. Container Instances) is a common exam pattern.