Question 301 of 982

Quick Answer

The correct answer is that no action is required, because Azure Table Storage encryption at rest is enabled by default. This is due to Azure Storage Service Encryption (SSE), which automatically encrypts all data written to Azure Storage—including Table Storage—using 256-bit AES encryption, and this setting cannot be disabled. On the Microsoft Azure Data Fundamentals DP-900 exam, this concept tests your understanding that platform-managed encryption is a default security feature, not an optional configuration. A common trap is assuming you must enable encryption manually or choose a key management option, but the exam emphasizes that SSE is always on for all storage tiers. Remember the memory tip: “SSE is always on—no key, no fuss.”

DP-900 Practice Question: Describe considerations for working with non-relational data on Azure

This DP-900 practice question tests your understanding of describe considerations for working with non-relational data on azure. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A company uses Azure Table Storage to store user session data. The data must be encrypted at rest. What should you do?

Question 1easymultiple choice
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

No action is required; Azure Storage encrypts data at rest by default.

Azure Table Storage, as part of Azure Storage, automatically encrypts all data at rest using Azure Storage Service Encryption (SSE) with 256-bit AES encryption. This encryption is enabled by default for all new and existing storage accounts, including Table Storage, and cannot be disabled. Therefore, no additional action is required to meet the encryption-at-rest requirement.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • No action is required; Azure Storage encrypts data at rest by default.

    Why this is correct

    Azure Storage automatically encrypts all data.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Enable Azure Storage Service Encryption (SSE).

    Why it's wrong here

    SSE is enabled by default, not a manual configuration.

  • Use Azure SQL Database Transparent Data Encryption (TDE).

    Why it's wrong here

    TDE is for SQL databases, not Table Storage.

  • Implement client-side encryption before storing data.

    Why it's wrong here

    Client-side encryption is optional; server-side encryption is default.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates may think encryption at rest requires explicit configuration (like enabling SSE or TDE), not realizing that Azure Storage encrypts all data at rest by default, making options B, C, and D unnecessary or incorrect for this specific scenario.

Detailed technical explanation

How to think about this question

Azure Storage encryption at rest uses 256-bit AES encryption, which is FIPS 140-2 compliant, and is applied to all data written to Azure Storage, including blobs, tables, queues, and files. The encryption keys are managed by Microsoft by default, but customers can optionally use customer-managed keys (CMK) in Azure Key Vault for additional control. This encryption is transparent to applications, meaning no code changes or configuration are needed to benefit from it.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A media company stores terabytes of video archives that are accessed once a year for audit purposes. Moving these objects to a cold storage tier (Azure Archive, S3 Glacier, or Google Nearline) costs a fraction of hot storage. Questions like this test whether you understand storage tiers, access frequency tradeoffs, and retrieval latency requirements.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related DP-900 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free DP-900 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this DP-900 question test?

Describe considerations for working with non-relational data on Azure — This question tests Describe considerations for working with non-relational data on Azure — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: No action is required; Azure Storage encrypts data at rest by default. — Azure Table Storage, as part of Azure Storage, automatically encrypts all data at rest using Azure Storage Service Encryption (SSE) with 256-bit AES encryption. This encryption is enabled by default for all new and existing storage accounts, including Table Storage, and cannot be disabled. Therefore, no additional action is required to meet the encryption-at-rest requirement.

What should I do if I get this DP-900 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Jun 24, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This DP-900 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the DP-900 exam.