ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam DP-300 All Questions

View all questions & answers for the DP-300 exam
Go to Exam

Exam DP-300 topic 2 question 24 discussion

Actual exam question from Microsoft's DP-300
Question #: 24
Topic #: 2
[All DP-300 Questions]

You have an Azure SQL database named DB1.
A user named User1 has an Azure Active Directory (Azure AD) account.
You need to provide User1 with the ability to add and remove columns from the tables in DB1. The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Assign the database user the db_owner role.
  • B. Create a contained database user.
  • C. Create a login and an associated database user.
  • D. Assign the database user the db_ddladmin role.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by lukelin08 at Sept. 19, 2022, 4:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lukelin08
Highly Voted 2 years, 1 month ago
D is correct. However, you could also select B or C because User1 has an Azure Active Directory (Azure AD) account. So you could create a contained database user with the Azure AD account, or you could create a Login and User with the Azure AD account. Since principal of least privilege is mentioned, wouldnt a contained Azure AD User be the better option?
upvoted 10 times
Saffar
1 year, 12 months ago
That right, but no where in the question stating that the SQL server is authenticating users through AD. It just saying that user have AD account, which means nothing to the server. So by default and based on little server info provided, you need to create login and User, as we don't know if SQL server is using AD Auth or not
upvoted 3 times
amazonalex
1 year, 6 months ago
agreed. also the least privilege requirement might have been simply to rule out option A(which would enable user to perform the required task, but not meet least priv. requirement)
upvoted 1 times
...
...
...
Fer079
Highly Voted 1 year, 10 months ago
Selected Answer: BD
As the solution must use the principle of least privilege then we should create a contained DB user (we can do it using an AD account or using SQL Server authentication due to both are allowed to create contained DB users)
upvoted 8 times
...
sca88
Most Recent 6 months, 3 weeks ago
Selected Answer: BD
B and D are the correct answer. With the contained database user satisfy the request of the least privilege ( B) The role db_ddladmin si more selective than db_owner, so D is correct.
upvoted 1 times
...
KIET2131
1 year, 8 months ago
B. Create a contained database user. D. Assign the database user the db_ddladmin role.
upvoted 6 times
...
BrenFa101
1 year, 9 months ago
Selected Answer: BD
BD is the correct answer. Least privilege means the user should not be associated with a master db login. When connecting to the database his connection string must include the database so he goes directly to the db rather than logging into the server.
upvoted 5 times
...
OneplusOne
1 year, 10 months ago
Note As Microsoft evolves the SQL Database service and moves towards higher guaranteed SLAs you may be required to switch to the contained database user model and database-scoped firewall rules to attain the higher availability SLA and higher max login rates for a given database. Microsoft encourage you to consider such changes today. https://learn.microsoft.com/en-us/sql/relational-databases/security/contained-database-users-making-your-database-portable?view=sql-server-ver16
upvoted 1 times
...
raavilam
1 year, 11 months ago
I also agree with lukelin08
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago