Exam AZ-301 topic 3 question 13 discussion

Based on reading the "database" level firewall rules, the correct answer for both should be "Transact SQL". Reference: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure Description: You can only create and manage database-level IP firewall rules for master and user databases by using Transact-SQL statements and only after you configure the first server-level firewall.

For 1: T-SQL and Power shell both are possible but T-SQL is possible only if you login as Server PRincipal or AD Admin.So that would make Power shell as the right option since it requires only one step. For 2: It is T-SQL since that is only mode firewall can be set at the DB level The answers are exactly opposite. Powershell for 1 and T-SQL for 2

Wondering why so many users have discrepancies in the second answer. By the justification shared by AzureGC, the Answer is pretty clear. There is no doubt at all, Based on reading the "database" level firewall rules, the correct answer for both should be "Transact SQL".

we all know for server level we have 4 option but for DB level we have only 1 option T SQL so here we need to undestand for 3 requirement which firewall rule we need. for first requirement as we need to resrtic user at each db it means we need to allow whitelisted user to each db which can not be done at server level as it is less likely each DB user list is same. for second requirement here we also need for each DB hence DB fire wall rules applicable here we need geo replication for failover case which is also DB fire wall rule so after understanding the above requirement i dont see any requirement to set server level IP rule accept it has to be set before setting the DB firewall rule and in order To use Transact-SQL for server level ip, we must connect to the master database as the server-level principal login or as the Azure Active Directory administrator.which info is not avaialable but i assume we are doing all this setup so we should be position to setup the same. so for the option answer should be TSQL as all 3 requirements lead to DB firewall rule there is no single reason to use server firewall rule.

Transact SQL Transact SQL

Both the option should be Transact -SQL

You can only create and manage database-level IP firewall rules for master and user databases by using Transact-SQL statements and only after you configure the first server-level firewall. Ref : docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure So for box 2 , the correct answer is T-SQL

T-SQL for user access management within Database Powershell for Desired State configuration so answer is T-SQL Powershell

Both answer should we Transact SQL

Configure user access by using: > T-SQL As the databases will be configured to use active geo-replication we should prefer "contained user accounts", which can be configured via T-SQL. https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell#create-contained-users-mapped-to-azure-ad-identities Configure database-level firewall rules by using: > T-SQL Quote from: https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure "You can only create and manage database-level IP firewall rules for master and user databases by using Transact-SQL statements and only after you configure the first server-level firewall."

https://docs.microsoft.com/en-us/azure/azure-sql/database/secure-database-tutorial Database-level firewall rules can only be configured using Transact-SQL (T-SQL) statements, and only after you've configured a server-level firewall rule.

1- T-SQL 2- T-SQL

Setup database firewall rules Database-level firewall rules only apply to individual databases. The database will retain these rules during a server failover. Database-level firewall rules can only be configured using Transact-SQL (T-SQL) statements, and only after you've configured a server-level firewall rule. https://docs.microsoft.com/en-us/azure/azure-sql/database/secure-database-tutorial

Both box should be "Transact SQL"

User access level can be done via REST api and T-SQL DBA level firewall can be done via T-SQL

From below links: https://docs.microsoft.com/en-us/azure/azure-sql/database/logical-servers https://docs.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage https://docs.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-ver15#examples https://docs.microsoft.com/en-us/azure/azure-sql/database/secure-database-tutorial you can create server level firewall using all three mentioned methods but you can create database level firewall using only "Transact SQL" Because the databases are using active geo replication, you need to create "contained users" to access the databases and this also is done through "Transact SQL" So the right answer is" 1) T-SQL 2) T-SQL

I will go with 1) Powershell 2)T-SQL