Exam SC-100 topic 4 question 4 discussion

Right answer. Link to official docs for reliable information. https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections

Answer is the correct answer https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections#how-it-works

For allowing Azure App Service web apps to access Microsoft SQL Server databases on the on-premises network while minimizing the number of open internet-accessible endpoints, you should include in your recommendation: B. Hybrid Connections Hybrid Connections is a feature in Azure App Service that provides a way to access application resources in other networks. It uses a secure, outbound-only connection that doesn’t require opening inbound ports to your on-premises network. This makes it a suitable choice for accessing on-premises databases without exposing additional internet-accessible endpoints.

B is the answer. https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections Within App Service, Hybrid Connections can be used to access application resources in any network that can make outbound calls to Azure over port 443. Hybrid Connections provides access from your app to a TCP endpoint and doesn't enable a new way to access your app. As used in App Service, each Hybrid Connection correlates to a single TCP host and port combination. This enables your apps to access resources on any OS, provided it's a TCP endpoint. The Hybrid Connections feature doesn't know or care what the application protocol is, or what you are accessing. It simply provides network access.

The answer is D

D. A private endpoint should be included in the recommendation. Private endpoints provide secure access to Azure Services over a private endpoint in your virtual network. Using a private endpoint, you can access Azure services such as Azure Storage, Azure Cosmos DB, Azure SQL Database, and others over a private IP address in your virtual network. With a private endpoint, traffic between your virtual network and the Azure service travels over the Microsoft backbone network, eliminating exposure from the public internet. In this scenario, using a private endpoint for the Microsoft SQL Server databases on the on-premises network would provide a secure connection between the web apps and the databases without requiring a Site-to-Site VPN or an ExpressRoute connection. This would minimize the number of open internet-accessible endpoints to the on-premises network, which would help enhance security.