You manage a Microsoft SQL Server environment. You implement Transparent Data Encryption (TDE). A user will assist in managing TDE. You need to ensure that the user can view the TDE metadata while following the principle of lease privilege. Which permission should you grant?
A. DDLAdmin
B. db_datawriter
C. dbcreator
D. dbo
E. View Database State
F. View Server State
G. View Definition
H. sysadmin
Answer: G
Explanation:
Viewing the metadata involved with TDE requires the VIEW DEFINITION permission on the certificate.
https://docs.microsoft.com/en-us/sql/relationaldatabases/security/encryption/transparent-dataencryption-tde
Question No : 2
You are the database administrator for a company that hosts Microsoft SQL Server. You manage both on-premises and Microsoft Azure SQL Database environments. You have a user database named HRDB that contains sensitive human resources data. The HRDB backup files must be encrypted. You need to grant the correct permission to the service account that backs up the HRDB database. Which permission should you grant?
A. DDLAdmin
B. db_datawriter
C. dbcreator
D. dbo
E. View Database State
F. View Server State
G. View Definition
H. sysadmin
Answer: G
Explanation:
Restoring the encrypted backup: SQL Server restore does not require any encryption parameters to be specified during restores. It does require that the certificate or the asymmetric key used to encrypt the backup file be available on the instance that you are restoring to. The user account performing the restore must have VIEW DEFINITION permissions on the certificate or key.
https://docs.microsoft.com/en-us/sql/relational-databases/backup-restore/backupencryption
Get Microsoft
70-764 Exam Real Questions - 70-764 Braindumps Realexamdumps.com
Question No : 3
You are the database administrator for a company that hosts Microsoft SQL Server. You manage both on-premises and Microsoft Azure SQL Database environments. You plan to delegate encryption operations to a user. You need to grant the user permission to implement cell-level encryption while following the principle of least privilege. Which permission should you grant?
A. DDLAdmin
B. db_datawriter
C. dbcreator
D. dbo
E. View Database State
F. View ServerState
G. View Definition
H. sysadmin
Answer: G
Explanation:
The following permissions are necessary to perform column-level encryption, or cell-level encryption.
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypta-column-ofdata
Question No : 4
A company has an on-premises Microsoft SQL Server environment and Microsoft Azure SQL Database instances. The environment hosts a customer database named DB1. Customers connect to hosted database instances by using line-of-business applications. Developers connect by using SQL Server Management Studio (SSMS). You need to grant the developers permission to alter views for DB1 while following the principle of least privilege. Which permission should you grant?
A. DDLAdmin
B. db_datawriter
C. dbcreator
D. dbo
E. View Database State
F. View Server State
G. View Definition
H. sysadmin
Answer: A
Explanation:
To execute ALTER VIEW, at a minimum, ALTER permission on OBJECT is required. Members of the db_ddladmin fixed database role can run any Data Definition Language (DDL) command in a database.
https://technet.microsoft.com/en-us/library/ms190667(v=sql.90).aspx
Get 70-764 Dumps
PDF - 70-764 Exam Dumps Study Material Realexamdumps.com
Question No : 5
You have an on-premises server that runs Microsoft SQL Server 2016 Standard Edition. You need to identify missing indexes.What should you use?
A. Activity Monitor
B. Sp_who3
C. SQL Server Management Studio (SSMS) Object Explorer
D. SQL Server Data Collector
E. SQL Server Data Tools (SSDT)
F. SQL Server Configuration Manager
Answer: D
Explanation:
Data Collector can gather performance information from multiple SQL Server instances and store it in a single repository. It has three built-in data collecting specifications (data collectors) designed to collect the most important performance metrics. The information collected by default is about disk usage, query statistics, and server activity. The Query Statistics data collection set collects information about query statistics, activity, execution plans and text on the SQL Server instance. Missing indexes can be found with the execution plans.
https ://www.sqlshack.com/sql-server-performance-monitoring-data-collector/
Question No : 6
You have a database named DB1 that stores more than 700 gigabyte (GB) of data and serves millions of requests per hour. Queries on DB1 are taking longer than normal to complete. You run the following Transact-SOL statement:
SELECT* FROM sys.database_query_store_options
You determine that the Query Store is in Read-Only mode. You need to maximize the time that the Query Store is in Read-Write mode. Which Transact-SOL statement should you run?
A. ALTER DATABASE DB1SET QUERY_STORE (QUERY_CAPTURE_MODE = ALL)
B. ALTER DATABASE DB1SET QUERY_STORE (MAX_STORAGE_SIZE_MB = SO)
C. ALTER DATABASE DB1SET QUERY_STORE (CLEANUP _POLICY=
(STALE_QUERY_THRESHOLD_DAYS = 14));
D. ALTER DATABASE DB1SET QUERY_STORE (QUERY_CAPTURE_MODE = NONE)
Answer: C
Explanation:
Stale Query Threshold (Days): Time-based cleanup policy that controls the retention period of persisted runtime statistics and inactive queries. By default, Query Store is configured to keep the data for 30 days which may be unnecessarily long for your scenario. Avoid keeping historical data that you do not plan to use. This will reduce changes to read-only status. The size of Query Store data as well as the time to detect and mitigate the issue will be more predictable. Use Management Studio or the following script to configure time-based cleanup policy:
ALTER DATABASE [QueryStoreDB]
SET QUERY_STORE (CLEANUP _POLICY= (STALE_QUERY_THRESHOLD_DAYS = 14));
https://docs.microsoft.com/en-us/sql/relational-databases/performance/best-practicewith-thequery-store
Pass Microsoft
70-764 Exam with Valid 70-764 Exam Question Answers - Realexamdumps.com
Question No : 7
You have an SQL Server 2016 server named SQL1.
You are designing a performance monitoring solution.
You need to monitor the following events on SQL1:
✑ A deadlock graph
✑ Missing column statistics
✑ CPU performance statistics
✑ A batch of completed Transact-SQL statements
Which two tools should you use? Each correct answer presents a complete solution. Which two tools should you use? Each correct answer presents a complete solution.
A. dynamic management views
B. Database Engine Tuning Advisor
C. SQL Server Profiler
D. Activity Monitor
E. Data Profile Viewer
Answer: B,C
Explanation: B: Database Engine Tuning Advisor examines how queries are processed in the databases you specify.When you run a Profiler Trace and feed it to the Database Engine Tuning Advisor, it also looks for missing column statistics, and it can automatically create them for you. C: Use SQL Server Profiler to identify the cause of a deadlock. A deadlock occurs when there is a cyclic dependency between two or more threads, or processes, for some set of resources within SQL Server. Using SQL Server Profiler, you can create a trace that records, replays, and displays deadlock events for analysis.
Reference: Analyze Deadlocks with SQL Server Profiler
https://msdn.microsoft.com/en-us/library/ms188246.aspx
Reference: Mastering SQL Server Profiler, page 245
Question No : 8
You manage a Microsoft SQL Server instance. You have a user named User1. You need to grant the minimum permissions necessary to allow User1 to review audit logs. For each action, which option should you use? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
Box 1: securityadmin
To access log files for instances of SQL Server that are online, this requires membership in the securityadmin fixed server role.
Box 2: sys.server_audit_specifications
sys.server_audit_specifications contains information about the server audit specifications in a SQL Server audit on a server instance.
Buy Latest
Microsoft 70-764 Certification Practice Question Answers – Realexamdumps.com
Question No : 9
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
You are a database administrator for a company that has an on-premises Microsoft SQL Server environment and Microsoft Azure SQL Database instances. The environment hosts several customer databases, and each customer uses a dedicated instance. The environments that you manage are shown in the following table.
You need to configure auditing for WDWDB.
In the table below, identify the event type that you must audit for each activity.
Answer:
Question No : 10
You are designing an authentication strategy for a new server that has SQL Server 2016 installed. The strategy must meet the following business requirements:
✑ The account used to generate reports must be allowed to make a connection during certain hours only.
✑ Failed authentication requests must be logged.
You need to recommend a technology that meets each business requirement. The solution must minimize the amount of events that are logged. Which technologies should you recommend? To answer, drag the appropriate solution to the correct business requirement in the answer area. You need to recommend a technology that meets each business requirement. The solution must minimize the amount of events that are logged. Which technologies should you recommend? To answer, drag the appropriate solution to the correct business requirement in the answer area.
Answer:
Explanation:
* Logon triggers fire stored procedures in response to a LOGON event. This event is raised when a user session is established with an instance of SQL Server. Logon triggers fire after the authentication phase of logging in finishes, but before the user session is actually established.
You can use logon triggers to audit and control server sessions, such as by tracking login activity, restricting logins to SQL Server, or limiting the number of sessions for a specific login.
* Login auditing can be configured to write to the error log on the following events.
Failed logins
Successful logins
Both failed and successful logins
Incorrect:
* C2 audit mode can be configured through SQL Server Management Studio or with the c2 audit mode option in sp_configure. Selecting this option will configure the server to record both failed and successful attempts to access statements and objects.
References:
Logon Triggers
Configure Login Auditing (SQL Server Management Studio)
No comments:
Post a Comment