Exam DP-300 topic 7 question 19 discussion

C: private endpoints. out of four options, for encryption, both site-to-site VPN and private endpoints provide encryption. For minimizing network latency, virtual network peering and private endpoints offer the best options. Since we need both encryption and minimized latency, private endpoints would be our best choice.

C - Privare endpoint - Private Endpoints: These provide a secure and encrypted connection between your Azure resources over the Azure backbone network. Private endpoints allow you to connect to your Azure SQL Managed Instance (MI1) using a private IP address within your virtual network, without exposing the traffic to the public internet. This solution provides the lowest latency since it stays within Azure’s internal network, and the traffic is encrypted.

The correct answer, of course, is peering. Peering encrypts communications over the Internet and makes communications transparent between VNETs in different regions, which is the case in this question. Note that there is already a VM on a subnet that already has an IP. You can't add a private endpoint to a VM.... On the other hand, we have a managed instance that also needs to be in a subnet, where it is also not possible to add a private endpoint. The documentation below explains this very well, note that there is no private endpoint for VMs: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/vnet-existing-add-subnet?view=azuresql

B is the answer

C. private endpoints

I think the answer is correct because using Virtual network peering is without encryption. Virtual network peering No public Internet, gateways, or encryption is required in the communication between the virtual networks. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

I don't see where private endpoints encrypt traffic?

Answer is correct: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview