You need to be able to restore the database.Which Transact-SQL statement should you use before attempting the restore?

You administer a Microsoft SQL Server 2012 database. You configure Transparent Data Encryption (TDE) on
the Orders database by using the following statements:
<code>
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘MyPassword1!’
CREATE CERTIFICATE TDE_Certificate WITH SUBJECT = ‘TDE Certificate’;
BACKUP CERTIFICATE TDE_Certificate TO FILE = ”d:\TDE_Certificate.cer’
WITH PRIVATE KEY (FILE = ‘D:\TDE_Certificate.key’, ENCRYPTION BY PASSWORD =
‘MyPassword1!’);
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE TDE_Certificate;
ALTER DATABASE Orders SET ENCRYPTION ON;
<code>
You attempt to restore the Orders database and the restore fails. You copy the encryption file to the original
location. A hardware failure occurs and so a new server must be installed and configured. After installing SQL
Server to the new server, you restore the Orders database and copy the encryption files to their original
location. However, you are unable to access the database. You need to be able to restore the database.Which
Transact-SQL statement should you use before attempting the restore?

You administer a Microsoft SQL Server 2012 database. You configure Transparent Data Encryption (TDE) on
the Orders database by using the following statements:
<code>
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘MyPassword1!’
CREATE CERTIFICATE TDE_Certificate WITH SUBJECT = ‘TDE Certificate’;
BACKUP CERTIFICATE TDE_Certificate TO FILE = ”d:\TDE_Certificate.cer’
WITH PRIVATE KEY (FILE = ‘D:\TDE_Certificate.key’, ENCRYPTION BY PASSWORD =
‘MyPassword1!’);
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE TDE_Certificate;
ALTER DATABASE Orders SET ENCRYPTION ON;
<code>
You attempt to restore the Orders database and the restore fails. You copy the encryption file to the original
location. A hardware failure occurs and so a new server must be installed and configured. After installing SQL
Server to the new server, you restore the Orders database and copy the encryption files to their original
location. However, you are unable to access the database. You need to be able to restore the database.Which
Transact-SQL statement should you use before attempting the restore?

A.
ALTER DATABASE Master SET ENCRYPTION OFF;

B.
CREATE CERTIFICATE TDE_Certificate FROM FILE = ‘d:\TDE_Certificate.cer’
WITH PRIVATE KEY (FILE = ‘D:\TDE_Certificate.key’, DECRYPTION BY PASSWORD =
‘MyPassword1!’);

C.
CREATE CERTIFICATE TDE_Certificate WITH SUBJECT = ‘TDE Certificate’;
USE Orders;
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE TDE_Certificate;

D.
CREATE CERTIFICATE TDE_Certificate FROM FILE = ‘d:\TDE_Certificate.cer’;



Leave a Reply 3

Your email address will not be published. Required fields are marked *


ASNAOUI Ayoub

ASNAOUI Ayoub

REMINDER 1:
TDE enables a user to encrypt an entire database
We encrypt a database using TDE as follow:
=> Create a Database Master Key(DMK)
=> Create a Certificate protected with the
DMK
=> We create a Database Encryption Key(DEK)
using the certificate
=> We encrypt the database

REMINDER 2:
A certificate is a container of asymmetric key having additionally an expiry dates.
A Certificate encrypts data using a PUBLIC KEY and decrypts data using a PRIVATE KEY

ANSWER:
In our case, we made a backup of the certificate with it’s private key included. So if we restore the Certificate in the new server without it’s private key we won’t be able to access the database’s data.

So Considering that, the only correct answer is : C (We restore the certificate with it’s private key)