Suggested Answer: A

Scenario: Ensure that the analytical data store is accessible only to the company's on-premises network and Azure services.

Virtual network rules are one firewall security feature that controls whether the database server for your single databases and elastic pool in Azure SQL Database or for your databases in SQL Data Warehouse accepts communications that are sent from particular subnets in virtual networks.

Server-level, not database-level: Each virtual network rule applies to your whole Azure SQL Database server, not just to one particular database on the server. In other words, a virtual network rule applies at the server level, not at the database level.

Reference: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview
I think that the correct response should be D because of this: "Litware does not plan to implement Azure ExpressRoute or a VPN between the on-premises network and Azure"
The answer should be A which is implementing VNet for SQL database server level. VNet is not "Azure ExpressRoute or a VPN between the on-premises and Azure".
Azure is a PaaS and there is no way to implement VNet for a SQL database unless you're using a Private Link, which is not mentioned in the question. So the answer should be D.
Ans : D
"By default, Azure service resources secured to virtual networks aren't reachable from on-premises networks. If you want to allow traffic from on-premises, you must also allow public (typically, NAT) IP addresses from your on-premises or ExpressRoute. You can add these IP addresses through the IP firewall configuration for Azure service resources."
ref: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Virtual network rules are one firewall security feature that controls whether the server for your databases and elastic pools in Azure SQL Database or for your databases in Azure Synapse accepts communications that are sent from particular subnets in virtual networks
A is correct
No, it's not. How would you peer your virtual network with the on-premises network? You need some way to tie them together. A virtual network rule only makes sense if you have some gateway in Azure as well. Or ExpressRoute.
Azure Synapse only supports server-level IP firewall rules. It doesn't support database-level IP firewall rules. https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure
Important
This article does not apply to Azure SQL Managed Instance. For information about network configuration, see Connect your application to Azure SQL Managed Instance.
>>>>>>>>>>>
Azure Synapse only supports server-level IP firewall rules. It doesn't support database-level IP firewall rules.
The answer is correct according to https://docs.microsoft.com/en-us/azure/azure-sql/database/vnet-service-endpoint-rule-overview.
In particular there is one point that says: On the firewall, IP address ranges do apply to the following networking items, but virtual network rules do not:
Site-to-Site (S2S) virtual private network (VPN)
On-premises via ExpressRoute
And the brief clearly said not to use ExpressRoute and VPN.
VPN and VNet are two different things. The former is a gateway to establish a secure and encrypted connection, whereas VNet is a logical isolation of the Azure cloud dedicated to your subscription and completely private. If 'outside users' implies the user over the public domain then VNet is the right approach.
How would users from on-premises connect to the database with a server-level virtual network rule? Nowhere in the documentation is it said that VNet is a valid configuration to give the on-premises network access to the database. -> D is the answer
The answer is correct.
According to the scenario: "Ensure that the analytical data store is accessible only to the company's on-premises network and Azure services."
For users outside on-premises, they should only access data through other Azure services. In that case, a VNet rule should be the better choice. It's difficult to use a server-level firewall rule to manage network access from other Azure services by IP addresses.
To use VNet for on-premises users, you need some kind of VPN solution to join the on-premises network with the Azure network. And as clearly stated, no VPN here. So a server-level firewall that will whitelist the on-premises address space will do.
D should be the clear answer.
IP firewall rules: Use this feature to explicitly allow connections from a specific IP address, for example from on-premises machines
Virtual Network firewall rules: Use this feature to allow traffic from a specific Virtual Network within the Azure boundary
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-networkaccess-overview
Agree, it should be Server Level IP rule, https://docs.microsoft.com/en-us/azure/sql-database/sql-database-networkaccess-overview
Commenters:
nelson000 (Highly Voted, 5 years, 4 months ago)
Luke97 (Highly Voted, 5 years, 3 months ago)
Tombarc (5 years, 3 months ago)
davita8 (Most Recent, 4 years, 3 months ago)
rmk4ever (4 years, 3 months ago)
syu31svc (4 years, 8 months ago)
chaoxes (4 years, 7 months ago)
groy (4 years, 10 months ago)
ThijsN (4 years, 6 months ago)
oku (5 years ago)
envy (5 years ago)
karma_wins (4 years, 3 months ago)
karma_wins (4 years, 3 months ago)
kimalto452 (3 years, 9 months ago)
Rohit77 (5 years ago)
Tommy65 (5 years, 1 month ago)
Abhilvs (5 years, 1 month ago)
M0e (4 years, 9 months ago)
AaronZ (5 years, 3 months ago)
Leonido (5 years, 3 months ago)
azurearch (5 years, 2 months ago)
ThijsN (4 years, 6 months ago)
Yuri1101 (5 years, 3 months ago)
Sam9999 (5 years, 4 months ago)
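
As an added example (not part of the thread or of the site's own material), this is what the server-level IP firewall rule discussed in the comments looks like in T-SQL, followed by an audit of the rules already on the server. The rule name and the 203.0.113.0/24 range are constructed placeholders standing in for the on-premises network's public (NAT) addresses.

```sql
-- Added example. Run in the master database of the logical server.
-- The rule name and address range below are constructed placeholders.

-- 1. Server-level IP firewall rule for the on-premises public (NAT) range.
EXECUTE sp_set_firewall_rule
    @name             = N'onprem-nat-range',
    @start_ip_address = '203.0.113.0',
    @end_ip_address   = '203.0.113.255';

-- 2. Audit: list every server-level IP rule with the number of addresses it
--    admits, so over-broad ranges stand out. Virtual network rules are a
--    separate rule type and do not appear in sys.firewall_rules.
WITH rules AS (
    SELECT name,
           start_ip_address,
           end_ip_address,
           -- Convert dotted IPv4 text to a number, octet by octet.
           CAST(PARSENAME(start_ip_address, 4) AS BIGINT) * 16777216
         + CAST(PARSENAME(start_ip_address, 3) AS BIGINT) * 65536
         + CAST(PARSENAME(start_ip_address, 2) AS BIGINT) * 256
         + CAST(PARSENAME(start_ip_address, 1) AS BIGINT) AS start_num,
           CAST(PARSENAME(end_ip_address, 4) AS BIGINT) * 16777216
         + CAST(PARSENAME(end_ip_address, 3) AS BIGINT) * 65536
         + CAST(PARSENAME(end_ip_address, 2) AS BIGINT) * 256
         + CAST(PARSENAME(end_ip_address, 1) AS BIGINT) AS end_num
    FROM sys.firewall_rules
)
SELECT name,
       start_ip_address,
       end_ip_address,
       end_num - start_num + 1 AS address_count,
       CASE
           -- A 0.0.0.0 to 0.0.0.0 rule is how the "Allow Azure services"
           -- setting is stored; it admits traffic from any Azure resource,
           -- not only resources in this subscription.
           WHEN start_ip_address = '0.0.0.0' AND end_ip_address = '0.0.0.0'
               THEN 'Allow Azure services setting'
           WHEN end_num - start_num + 1 > 256
               THEN 'wide range: review'
           ELSE 'ok'
       END AS note
FROM rules
ORDER BY address_count DESC;
```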