SelfTestAppendix•Appendix 35 The correct answer is B. Answer A is incorrect because this syntax is used to create a certificate initially. Answer C is incorrect because this syntax is used to create a database encryption key. Answer D is incorrect because this syntax is used to start the encryption scan. 7. Which sys catalog view is used to monitor the progress of an encryption scan? A. Sys.configurations B. Sys.certificates C. Sys.key_encryptions D. Sys.dm_database_encryption_keys The correct answer is D. Answers A, B, and C are incorrect because they will not display the progress of an encryption scan. 8. When transparent data encryption (TDE) is enabled, which of the following system catalog views will the database show as encrypted? A. Sys.databases B. Sys.all_objects C. Sys.all_columns D. Sys.configurations The correct answer is A. Answers B, C, and D are incorrect because the “is_encrypted” column is not available in these system views. 9. When transparent data encryption (TDE) is enabled, database backups are encrypted. If you cannot locate the associated Certificate and private key files, what happens to the data if you need to restore the encrypted database? A. Everything will be readable since the Certificate and private key can be recreated. B. The data will not be readable since the Certificate and private key files are lost. C. Only encrypted columns will not be readable. D. Everything will be readable once the database encryption has been turned off in the master database. The correct answer is B. Answers A, C, and D are incorrect since the original Certificate and private key files are required to decrypt the database. It is very important to store these files in a secure location other than with the database backup to mitigate the possibility of not being able to decrypt a database. 36 Appendix•SelfTestAppendix 10. In which edition of SQL Server 2008 is cell-level encryption available? A. Only in the Enterprise edition B. Only in the Web edition C. Only in the Workgroup edition D. All SQL Server 2008 editions The correct answer is D. Answers A, B, and C are incorrect because cell-level encryption is not limited to only one edition of SQL Server 2008. 11. When using cell-level encryption which data type is required in order to encrypt the data? A. VARCHAR B. No special data type is necessary C. BINARY D. VARBINARY The correct answer is D. Using the VARBINARY is required when using cell-level encryption, making answers A, B, and C incorrect. 12. What is the query performance impact when using cell-level encryption? A. There is a positive query performance impact since there are only specific columns that are encrypted. B. There is a negative query performance impact since data types have to be converted from varbinary to the correct data type and primary keys and indexes are not used, resulting in full table scans. C. There is a negative query performance impact unless TDE has been enabled. D. There is a positive query performance impact as long as TDE has been enabled. The correct answer is B. Answers A, C, and D are incorrect since these con- figurations would not have an impact on query performance. 13. Cell-level encryption is best used in which of the following? A. Performance sensitive situations B. All situations C. Limited access control through the use of passwords situations D. Situations when a password is not needed to access the encrypted data SelfTestAppendix•Appendix 37 The correct answer is C. Answer A is incorrect and is a consideration that would result in the use of TDE. Answer B is incorrect because cell-level encryption is not recommended in all situations because of the performance impact. Answer D is incorrect because passwords are required when using cell-level encryption. 14. Which of the following best describes the difference between symmetric and asymmetric keys? A. An asymmetric key uses the same password to encrypt and decrypt the data and a symmetric key uses a public key to encrypt the data and a private key to decrypt the data. B. An asymmetric key uses the same password to encrypt and decrypt the data and a symmetric key uses a private key to encrypt and a public key to decrypt the data. C. A symmetric key uses the same password to encrypt and decrypt the data and an asymmetric key uses a public key to encrypt and a different password/private key to decrypt the data. D. A symmetric key uses the same password to encrypt and decrypt the data and an asymmetric key uses a private key to encrypt and a different password/public key to decrypt the data. The correct answer is C. Answers A, B, and D are incorrect because the combinations of passwords used for encrypting and decrypting do not accurately describe symmetric and asymmetric keys. 15. Which of the following best describes EFS encryption? A. Encryption occurs at the file-level. B. Encryption occurs at the database-level. C. Encryption occurs at the cell-level. D. Encryption occurs at the server-level. The correct answer is A. Answers B, C, and D are incorrect because Encrypting File System (EFS) – encryption only occurs at the file-level. 16. When you are using Encrypting File Service (EFS) with SQL Server, which SQL server account must have access to file encryption keys encrypting any database files? A. SQL Server agent account B. Database server, service account 38 Appendix•SelfTestAppendix C. SA account D. SQL executive account The correct answer is B. Answers A, C, and D are incorrect since these accounts are not used to access database files. 17. In which of the following is EFS best used? A. Web server B. Database server C. Workstation D. Application server The correct answer is C. EFS is best used when the database is primarily used by a small set of users so answers A, B, and D are incorrect. 18. Which of the following best describes SQL Server 2008 Extensible Key Management? A. Enables third-party EKM/HSM vendors to register their modules in SQL Server B. Enables easy management of Encrypting File System (EFS) encryption C. Enables easy creation of an EKM key with another EKM key D. Enables easy back up of a database encryption key The correct answer is A. Answer B is incorrect because SQL Server 2008 extensible key management does not provide the functionality to manage EFS encryption. Answer C is incorrect because an EKM key cannot be created with another EKM key so this cannot be done using EKM. Answer D is incorrect because EKM does not provide the functionality to back up a database encryption key; this is done using T-SQL. 19. In which of the following editions of SQL Server 2008 is Extensible Key Management available? A. Workgroup edition B. Web edition C. Enterprise edition D. Express edition SelfTestAppendix•Appendix 39 The correct answer is C. SQL Server 2008 Extensible Key Management is available in the Enterprise, Developer, and Evaluation editions so Answers A, B, and D are incorrect. 20. Which system stored procedure is used to enable Extensible Key Management? A. Sys.dboption B. Sys.sp_configure C. Sys.sp_helpdb D. Sys.sp_addextendedproc The correct answer is B. Only the sys.sp_configure stored procedure provides the ability to enable Extensible Key Management so answers A, C, and D are incorrect. These stored procedures do not provide the necessary functionality. Chapter 6: Managing High Availability 1. You are designing a new database server for your company. You wish to store the database’s MDF file and NDF files on the most cost efficient storage possible, while providing a redundant storage solution. Your database will be 95% reads, and 5% writes. What RAID level should you use for your MDF and NDF files? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10 Answer C is the correct answer. Although RAID 0 is more cost effective than RAID 5, RAID 0 has no redundancy built into it. RAID 1 and RAID 10 are less cost effective then RAID 5 because of the one-to-one copying that is done, which reduces the number of hard drives available in the RAID array by half. 2. You are configuring log shipping on your OLTP database from one data center to another. You need to ensure that the minimum amount of bandwidth is used when moving the logs from your primary site to the backup site. When config- uring the log backups, which option should you select to meet your goal? A. Use the default server setting B. Compress backup . edition of SQL Server 2008 is cell-level encryption available? A. Only in the Enterprise edition B. Only in the Web edition C. Only in the Workgroup edition D. All SQL Server 2008 editions The correct. encryption? A. Encryption occurs at the file-level. B. Encryption occurs at the database-level. C. Encryption occurs at the cell-level. D. Encryption occurs at the server- level. The correct answer is A at the file-level. 16. When you are using Encrypting File Service (EFS) with SQL Server, which SQL server account must have access to file encryption keys encrypting any database files? A. SQL