You have an Azure subscription that contains four Azure SQL managed instances. You need to evaluate the vulnerability of the managed instances to SQL injection attacks. What should you do first?
A.
Create an Azure Sentinel workspace.
B.
Enable Advanced Data Security.
C.
Add the SQL Health Check solution to Azure Monitor.
D.
Create an Azure Advanced Threat Protection (ATP) instance.
the answer is correct. see https://www.sqlshack.com/advanced-data-security-in-azure-sql-database-data-discovery-classification/
however this feature has been renamed by Microsoft to Azure Defender for SQL
Advanced Threat Protection is part of the Microsoft Defender for SQL offering, which is a unified package for advanced SQL security capabilities. Advanced Threat Protection can be accessed and managed via the central Microsoft Defender for SQL portal.
https://docs.microsoft.com/en-gb/azure/azure-sql/database/azure-defender-for-sql
I would go for D. "Advanced Threat Protection provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities. Users receive an alert upon suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access and queries patterns."
Source: https://docs.microsoft.com/en-gb/azure/azure-sql/database/threat-detection-overview
Azure Advanced Threat Protection (now called Defender for Identity) is a monitoring service for your on premise Active Directory and does not protect SQL instances.
So D can not be correct.
https://docs.microsoft.com/en-us/defender-for-identity/what-is
Both B and D is correct, considering what should be first, it should probably be B
https://learn.microsoft.com/en-us/answers/questions/410488/azure-sql-advanced-data-security-vs-azure-defender#:~:text=.%20When%20you%20enable%20SQL%20ADS%20then%20you%20enable%20all%20of%20these%20included%20features%20like%20Data%20Discovery%20%26%20Classification%2C%20Vulnerability%20Assessment%20and%20Advanced%20Threat%20Protection%20and%20you%20can%20enable%20the%20Auditing%20as%20well.
Should be B even though name has changed to Defender for SQL:
"What are the benefits of Microsoft Defender for SQL?
Microsoft Defender for SQL provides a set of advanced SQL security capabilities, including SQL Vulnerability Assessment and Advanced Threat Protection."
https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql?view=azuresql
ADS . Just google azure advanced data security. atp is included in it.
ref:https://azure.microsoft.com/en-au/updates/advanced-data-security-for-sql-servers-on-azure-virtual-machines/
It's B for sure.
Advanced Data Security is a set of tool (including ATP which is for monitoring).
Another feature of ADS is Vulnerability assesment. This part is asked for this question.
Advanced Threat Protection provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities. Users receive an alert upon suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access and queries patterns. Advanced Threat Protection integrates alerts with Microsoft Defender for Cloud, which include details of suspicious activity and recommend action on how to investigate and mitigate the threat. Advanced Threat Protection makes it simple to address potential threats to the database without the need to be a security expert or manage advanced security monitoring systems.
D is the Answer, you can enable Defender at Subscription level for all databases or each database level under security.
https://docs.microsoft.com/en-gb/azure/azure-sql/database/azure-defender-for-sql?view=azuresql
Answer is correct. https://azure.microsoft.com/en-us/updates/advanced-data-security-for-sql-servers-on-azure-virtual-machines/
Microsoft Defender for Cloud provides a set of advanced SQL security capabilities, including SQL Vulnerability Assessment and Advanced Threat Protection. Is Microsoft Defender for Cloud that provides vulnerability assessment and not ATP. ATP is used to detects anomalous activities.
This section is not available anymore. Please use the main Exam Page.AZ-500 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ttomaszoex
Highly Voted 3 years, 4 months agoJCWF
3 years, 3 months agoAli1982
2 years, 5 months agoNarragr
Highly Voted 3 years, 3 months agolollo1234
2 years, 9 months agotomchan2417
Most Recent 1 week, 3 days agowardy1983
7 months, 3 weeks agoTheProfessor
8 months, 3 weeks agoESAJRR
9 months, 3 weeks agomajstor86
1 year, 3 months agotutonata
1 year, 3 months agoPrabby
1 year, 5 months agokoreshio
1 year, 8 months agowsrudmen
1 year, 8 months agoJoci82
1 year, 9 months agoDavidf
1 year, 11 months agoflybywire61
1 year, 8 months agoAmit3
1 year, 11 months agoAmit3
1 year, 11 months agotnagy
1 year, 11 months agoDaniel76
2 years agoJanusguru
2 years ago