Exam DP-800 Topic 1 Question 28 Discussion

Actual exam question for Microsoft's DP-800 exam
Question #: 28
Topic #: 1
Your development team uses GitHub Copilot Chat in Microsoft SQL Server Management Studio (SSMS) to generate and run Transact-SQL queries against an Azure SQL database named DB1 DB1 contains tables that store sensitive customer data.
You need to ensure that any Transact SQL queries that run from GitHub Copilot Chat In SSMS are restricted by the same permissions as the developer ' s database login.
What prevents the GitHub Copilot Chat-run queries from accessing data beyond the developer ' s access?

Suggested Answer: B Vote an answer

The correct answer is B . Microsoft's SSMS Copilot documentation states that queries from Copilot in SSMS are executed under the context of the user's login and permissions , and that there are no separate permissions for Copilot in SSMS . That means Copilot-run Transact-SQL cannot access more data than the developer's own database principal is already allowed to access.
That is why the other options are incorrect:
* A is wrong because Copilot does not use a separate read-only sandbox in place of database permissions.
* C is wrong because enforcement is not a client-side filtering trick; it is enforced by the database security context of the current login.
* D is wrong because Copilot does not apply a different RLS model from the developer; it simply runs under the same login context.
So the security boundary is the developer's existing database identity and permissions .

by Richard at Jul 16, 2026, 01:04 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10