DP-300(30-60 questions)

 













You have an Azure virtual machine named VM1 on a virtual network named VNet1. Outbound traffic from VM1 to the internet is blocked. You have an Azure SQL database named SqlDb1 on a logical server named SqlSrv1. You need to implement connectivity between VM1 and SqlDb1 to meet the following requirements: ✑ Ensure that all traffic to the public endpoint of SqlSrv1 is blocked. ✑ Minimize the possibility of VM1 exfiltrating data stored in SqlDb1. 


What should you create on VNet1? 

A. a VPN gateway

 B. a service endpoint 

C. a private link

 D. an ExpressRoute gateway


 Correct Answer: C 











You have 40 Azure SQL databases, each for a different customer. All the databases reside on the same Azure SQL Database server. You need to ensure that each customer can only connect to and access their respective database. Which two actions should you perform? Each correct answer presents part of the solution. 

NOTE: Each correct selection is worth one point. A. Implement row-level security (RLS). B. Create users in each database. C. Configure the database firewall. D. Configure the server firewall. E. Create logins in the master database. F. Implement Always Encrypted. 

Correct Answer: BC 


You have an Azure virtual machine named VM1 on a virtual network named VNet1. Outbound traffic from VM1 to the internet is blocked. You have an Azure SQL database named SqlDb1 on a logical server named SqlSrv1. You need to implement connectivity between VM1 and SqlDb1 to meet the following requirements: ✑ Ensure that VM1 cannot connect to any Azure SQL Server other than SqlSrv1. ✑ Restrict network connectivity to SqlSrv1. What should you create on VNet1? 

A. a VPN gateway B. a service endpoint C. a private link D. an ExpressRoute gateway 

Correct Answer: C


You are developing an application that uses Azure Data Lake Storage Gen 2. You need to recommend a solution to grant permissions to a specific application for a limited time period. What should you include in the recommendation? A. role assignments B. account keys C. shared access signatures (SAS) D. Azure Active Directory (Azure AD) identities Correct Answer: C  A shared access signature (SAS) provides secure delegated access to resources in your storage account. With a SAS, you have granular control over how a client can access your data. For example: What resources the client may access. What permissions they have to those resources. How long the SAS is valid. Note: Data Lake Storage Gen2 supports the following authorization mechanisms: ✑ Shared Key authorization ✑ Shared access signature (SAS) authorization ✑ Role-based access control (Azure RBAC) Access control lists (ACL) Data Lake Storage Gen2 supports the following authorization mechanisms: ✑ Shared Key authorization ✑ Shared access signature (SAS) authorization ✑ Role-based access control (Azure RBAC) ✑ Access control lists (ACL) 


Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview 


Question #12 Topic 2 You are designing an enterprise data warehouse in Azure Synapse Analytics that will contain a table named Customers. Customers will contain credit card information. You need to recommend a solution to provide salespeople with the ability to view all the entries in Customers. The solution must prevent all the salespeople from viewing or inferring the credit card information. What should you include in the recommendation? A. row-level security B. data masking C. Always Encrypted D. column-level security


 Correct Answer: B  Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics support dynamic data masking. Dynamic data masking limits sensitive data exposure by masking it to non-privileged users. The Credit card masking method exposes the last four digits of the designated fields and adds a constant string as a prefix in the form of a credit card. Example: XXXX-XXXX-XXXX-1234










You have a data warehouse in Azure Synapse Analytics. You need to ensure that the data in the data warehouse is encrypted at rest. What should you enable? A. Transparent Data Encryption (TDE) B. Advanced Data Security for this database C. Always Encrypted for all columns D. Secure transfer required 

Correct Answer: A  Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest.

 Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview


You have an Azure subscription that contains an Azure Data Factory version 2 (V2) data factory named df1. DF1 contains a linked service. You have an Azure Key vault named vault1 that contains an encryption kay named key1. You need to encrypt df1 by using key1. What should you do first? 

A. Disable purge protection on vault1. 
B. Remove the linked service from df1.
 C. Create a self-hosted integration runtime. 
D. Disable soft delete on vault1. 

Correct Answer: B  A customer-managed k



You have an Azure subscription that contains a server named Server1. Server1 hosts two Azure SQL databases named DB1 and DB2. You plan to deploy a Windows app named App1 that will authenticate to DB2 by using SQL authentication. You need to ensure that App1 can access DB2. The solution must meet the following requirements: ✑ App1 must be able to view only DB2. ✑ Administrative effort must be minimized. What should you create? A. a contained database user for App1 on DB2 B. a login for App1 on Server1 C. a contained database user from an external provider for App1 on DB2 D. a contained database user from a Windows login for App1 on DB2 Correct Answer: A  Reference: https://docs.microsoft.com/en-us/sql/relational-databases/security/contained-database-users-making-your-database-portable?view=sqlserver-ver15




You create five Azure SQL Database instances on the same logical server. In each database, you create a user for an Azure Active Directory (Azure AD) user named User1. User1 attempts to connect to the logical server by using Azure Data Studio and receives a login error. You need to ensure that when User1 connects to the logical server by using Azure Data Studio, User1 can see all the databases. What should you do? A. Create User1 in the master database. B. Assign User1 the db_datareader role for the master database. C. Assign User1 the db_datareader role for the databases that User1 creates. D. Grant SELECT on sys.databases to public in the master database. Correct Answer: A  Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage


















Comments

  1. jwalaMarch 8, 2023 at 2:47 AM

    Hey! please share the pdf if possible. My email id is venkatajwala16@gmail.com

    ReplyDelete

Post a Comment

Popular posts from this blog

renewal of DP-300 exam questions

Image
  According to Microsoft SQL Server configuration best practices, what should you do to configure cach According to Microsoft SQL Server configuration best practices, what should you do to configure caching on volumes that host log files? Select only one answer. Enable read caching only. Enable write caching only. Enable read and write caching. Disable all caching. You plan to deploy Microsoft SQL Server 2019 to an Azure virtual machine that has eight CPUs and four disks. You expect that SQL Server will run tempdb heavy-workloads. You need to optimize the performance of tempdb. What should you do? Select only one answer. Store tempdb in eight files of the same size. Store tempdb in four files. Configure one of the files to have the size matching the amount of memory allocated to SQL Server. Enable trace flag 1117. Enable trace flag 1118. : You plan to implement SQL Server on an Azure virtual machine that has managed disks. You need to ensure that the virtual machine disks hosting t...
Read more

DP-300 dumps

Image
 Question #1 Topic 1 You have 20 Azure SQL databases provisioned by using the vCore purchasing model. You plan to create an Azure SQL Database elastic pool and add the 20 databases. Which three metrics should you use to size the elastic pool to meet the demands of your workload? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. total size of all the databases B. geo-replication support C. number of concurrently peaking databases * peak CPU utilization per database D. maximum number of concurrent sessions for all the databases E. total number of databases * average CPU utilization per database Correct Answer: ACE  CE: Estimate the vCores needed for the pool as follows: For vCore-based purchasing model: MAX(<Total number of DBs X average vCore utilization per DB>, <Number of concurrently peaking DBs X Peak vCore utilization per DB) A: Estimate the storage space needed for the pool by adding the number of bytes needed for ...
Read more