ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam DP-200 All Questions

View all questions & answers for the DP-200 exam
Go to Exam

Exam DP-200 topic 3 question 10 discussion

Actual exam question from Microsoft's DP-200
Question #: 10
Topic #: 3
[All DP-200 Questions]

DRAG DROP -
You deploy an Azure SQL database named DB1 to an Azure SQL server named SQL1.
Currently, only the server admin has access to DB1.
An Azure Active Directory (Azure AD) group named Analysts contains all the users who must have access to DB1.
You have the following data security requirements:
✑ The Analysts group must have read-only access to all the views and tables in the Sales schema of DB1.
✑ A manager will decide who can access DB1. The manager will not interact directly with DB1.
✑ Users must not have to manage a separate password solely to access DB1.
Which four actions should you perform in sequence to meet the data security requirements? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Step 1: From the Azure Portal, set the Active Directory admin for SQL1.
Provision an Azure Active Directory administrator for your Azure SQL Database server.
You can provision an Azure Active Directory administrator for your Azure SQL server in the Azure portal and by using PowerShell.
Step 2: On DB1, create a contained user for the Analysts group by using Transact-SQL
Create contained database users in your database mapped to Azure AD identities.
To create an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity, as a user with at least the ALTER ANY USER permission. Then use the following Transact-SQL syntax:
CREATE USER <Azure_AD_principal_name> FROM EXTERNAL PROVIDER;
Step 3: From Microsoft SQL Server Management Studio (SSMS), sign in to SQL1 by using the account set as the Active Directory admin.
Connect to the user database or data warehouse by using SSMS or SSDT
To confirm the Azure AD administrator is properly set up, connect to the master database using the Azure AD administrator account. To provision an Azure AD- based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity that has access to the database.
Step 4: On DB1, grant the VIEW and SELECT DEFINTION..
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure
by gallego82 at April 7, 2021, 1:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gallego82
Highly Voted 4 years, 2 months ago
I think steps two and three need to be swapped, right? Therefore I understand that it would look like this: 1.- Set Active Directory Admin 2.- From SSMS sign in with the account 3.- Create contained user 4.-Grant the SELECT and VIEW DEFINITION Best regards to all!
upvoted 34 times
cadio30
4 years, 1 month ago
Agreed with the propose solution as it requires to authenticate first in SSMS before the creation of "contained users"
upvoted 3 times
...
...
Wendy_DK
Most Recent 4 years, 1 month ago
I agree: 1.- Set Active Directory Admin 2.- From SSMS sign in with the account 3.- Create contained user 4.-Grant the SELECT and VIEW DEFINITION
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel