Exam DP-300 topic 2 question 7 discussion

The key is "only connect to and access their respective database", which means Contained DB's. In that case creating in each DB is the right choice.

correct

B,C - isolate the customers from each other using the database-level firewall rules, and also create separate contained database users for each customer in each database

https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql#server-level-versus-database-level-ip-firewall-rules

BC

I would go for BC. Not A as that implies access to the database itself. B is an obvious requirement for customer to access own database. C allows control of ip addresses or ports or ranges to restrict access to the correct user. D is for server-level control not individual databases. Not E as master database login is server-level access not individual database. Not F as encryption does not address access.

Logins in the master database are necessary for authenticating users at the server level. Without a login, a user cannot connect to the SQL server to access any database. Once authenticated, the login is mapped to a user within a specific database. This mapping allows the user to access only the database for which they have been granted permissions. While firewalls can restrict access to specific IP addresses, they do not inherently differentiate between different databases on the same server. Firewalls control network access rather than database-specific access.

Answer is correct. You need to create Logins in the master database and create a user for each database linked to its Login "CRETE USER user1 FOR LOGIN enterprise1" on database 1 "CREATE USER user2 FOR LOGIN enterprise2" on database2" ecc. The question doesn't talk about IP address limitation, so there is no need to configure Firewall

Bing Chat Result: To ensure that each customer can only connect to and access their respective database, you should perform the following two actions: Create users in each database. This will allow you to grant permissions to specific users for accessing their respective databases 1. Configure the database firewall. This will enable you to restrict access to each database by configuring the firewall rules for each database 2. Please note that this is a high-level answer and there may be other factors to consider when implementing security for your Azure SQL databases. I recommend consulting the Azure SQL Database documentation for more information.

B. Create users in each database. E. Create logins in the master database. Under the section "Create accounts for non-administrator users" https://learn.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage?view=azuresql

it really is coorect - you need to create logins (master db by default, there is no way around) and database users associated to those logins.

My opinion

To ensure that each customer can only connect to and access their respective database in Azure SQL, you should perform the following two actions: B. Create users in each database: Creating separate users for each customer in their respective databases allows you to control access at the database level. Each user will have its own set of permissions and can only connect to and access their assigned database. C. Configure the database firewall: The database firewall provides an additional layer of security by controlling the incoming connections to the Azure SQL Database server. By configuring the database firewall, you can define IP address ranges or individual IP addresses that are allowed to connect to each database. This ensures that only authorized connections from specific sources can access the databases. Therefore, the correct actions to perform are B. Create users in each database and C. Configure the database firewall.

BE, logins mapped to the specific users in respective DBs would fulfill the requirement here.

my answer

because you can only create and manage database-level IP firewall rules for master and user databases by using Transact-SQL statements and only after you configure the first server-level firewall. therefore i think the answer is correct

B. Create users in each database: For each database, create a user that corresponds to the login that the customer will use to connect to their database. This will allow you to control which login has access to which database. C. Configure the database firewall: Configure the database firewall to allow only connections from the IP addresses or IP address ranges that correspond to the customers who are authorized to access each database