Exam DP-300 topic 2 question 2 discussion

corrected "With Service Endpoints, traffic still left you vNet and hit the public endpoint of the PaaS resource, with Private Link the PaaS resource sits within your vNet and gets a private IP on your vNet. When you send traffic to the PaaS resource, it does not leave the virtual network." https://samcogan.com/service-endpoints-and-private-link-whats-the-difference/#:~:text=The%20key%20difference%20between%20Private,resource%20into%20your%20virtual%20network.&text=Unlike%20Service%20Endpoints%2C%20Private%20Link,ExpressRoute%2C%20and%20from%20peered%20networks.

It is private link or private endpoint. C is correct.

Private Link fulfils all the requirements - not service endpoint - Service endpoints allow private communication between resources in a VNet and Azure services over Azure’s backbone network. However, they still rely on public endpoints, which conflicts with the requirement to block traffic to the public endpoint of SqlSrv1. Moreover, service endpoints are not as secure as private links since the IP address could still potentially be exposed.

https://samcogan.com/service-endpoints-and-private-link-whats-the-difference/ - "Another key difference with Private Link is that when enabled, you are granting access to a specific PaaS resource in your virtual network. That means you can control egress to PaaS resources. For example, if you wanted to, you could use NSG’s to block access to all Azure SQL databases and then use Private Link to grant access only to your specific Azure SQL Server." so it is private link.

Answer is C: A Private Link is mapped to an instance of a PaaS resource instead of the entire service. Consumers can only connect to the specific resource. Access to any other resource in the service is blocked.

it is Service Endpoint , the key word is "exfiltrating data" , you avoid that with a service endpoint

100% sure B SERIVCE