Exam DP-300 topic 2 question 52 discussion

Actual exam question from Microsoft's DP-300
Question #: 52
Topic #: 2

HOTSPOT

You have an Azure SQL database named DB1.

You have 10 Azure virtual machines that connect to a virtual network subnet named Subnet1.

You need to implement a database-level firewall that meets the following requirements:

• Ensures that only the 10 virtual machines can access DB1
• Follows the principle of least privilege

How should you configure the firewall rule, and how should you establish network connectivity from the virtual machines to DB1?

To answer, select the appropriate options in the answer area.

Suggested Answer:

Comments

Misawakazuki
Highly Voted 9 months ago
Firewall Rule: C) Allow traffic from a specific Virtual Network
This option is the most secure and aligns with the principle of least privilege by restricting access to only the specified virtual network, which contains your VMs. By allowing traffic from a specific Virtual Network, you ensure that only resources within that network can access the database, minimizing exposure to unauthorized access.
Network Connectivity: B) Create a private endpoint
Creating a private endpoint allows secure connectivity to DB1 from your VMs over the Azure backbone network. This method ensures that traffic does not traverse the public internet, enhancing security and performance. It also simplifies network management by using private IP addresses for communication.
upvoted 8 times
2f5c7cd
8 months, 3 weeks ago
https://learn.microsoft.com/en-us/azure/azure-sql/database/network-access-controls-overview?view=azuresql
upvoted 1 times
voodoo_sh
Most Recent 7 months, 3 weeks ago
Network Connectivity: Private Endpoint, so DB1 can get a private IP address in target virtual network and Subnet.
Firewall Rule: use the Allow traffic from a specific Virtual Network use the sp_set_database_firewall_rule to add 10 rules for private IP addresses of 10 virtual machines that are hosted in a Subnet (or add a range, for example 10.0.0.1 to 10.0.0.10)
upvoted 1 times
voodoo_sh
4 months, 1 week ago
I've tested it and changed my mind:
Firewall Rule: use the Allow traffic from a specific Virtual Network
Network Connectivity: Service Endpoint
Because creating firewall rule for virtual network requires creating a service endpoint in that virtual network.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted