Exam AZ-700 All QuestionsBrowse all questions from this exam
Go to Exam
Question 64

DRAG DROP

-

You have an Azure subscription that contains a virtual network named Vnet1 and an Azure SQL database named SQL1. SQL1 has a private endpoint on Vnet1.

You have a partner company named Fabrikam, Inc. Fabrikam has an Azure subscription that contains a virtual network named Vnet2 and a virtual machine named VM1. VM1 is connected to Vnet2.

You need to provide VM1 with access to SQL1 by using an Azure Private Link service.

What should you implement on each virtual network? To answer, drag the appropriate resources to the correct virtual networks. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
Wis10

Correct Answer: - Vnet1 = Standard Load Balancer - Vnet2 = Private Endpoint Justification: https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#workflow

asdasd123123iu

Agree, SQL already have private endpoint so we need load balancer in VNET1 and private link in VNET2.

RabbitB

But question said you need to use an Azure Private Link service.

TheBlob

An Azure SQL database (PaaS) does not support Private Link Service. You need a private endpoint instead. This question is a bit tricky. You mainly use a private link service for resources that don't support private endpoints, like apps hosted on VMs (IaaS). That is why you would need a load balancer (IaaS) for such requirement.

DavidSapery

https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview indicates that a Load Balancer is needed on the SQL side (vnet1) and a Private Endpoint on the VM side (vnet2).

amt2022

Correct answer - VNET1 = Standard LB -VNET2 = Private EndPoint Check this sample from MS. https://learn.microsoft.com/en-us/azure/private-link/create-private-link-service-powershell

4729

VNET1: Private Link VNET2: Private Endpoint

ronin201

wrong answer: Vnet1 already has private enpoint. peering links in both vnets must be created

DerekKey

VNet 1: Load Balancer VNet 2: Private Endpoint Microsoft docs: https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview

Azused

Correct Answer: - Vnet1 = Standard Load Balancer - Vnet2 = Private Endpoint https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#workflow

ronin201

I have the same config (only posgreSQL) I have private endpoint and 2 peering links in 2 networks, the current description already has private endpoint.

GBAU

While I thought this was the answer as it would work, I think the question is testing knowledge of private link services, where only specific services are provided across the private link, not access to the full vNet.

AzureLearner01

To establish the private link service you need a load balancer in VNet 1 and for sure the private link service resource. In the partner company tenant you need an private endpoint that connects to this private link service. To answer the question correctly we might answer to create standard load balancer and private link service in vnet1 an pe in vnet2.

tester2023

VNET1: Peering Link VNET2: Peering Link The question notes a Private Endpoint is already configured on the SQL Server (PaaS) resource. As such, vNet peering will allow the VM on vNet 2 to reach the database on vNet 1. A private endpoint is part of the Private Link Service (https://learn.microsoft.com/en-us/azure/private-link/private-link-faq#what-is-azure-private-endpoint-and-azure-private-link-service-) For those selecting Load Balancer, you are correct it requires a Private Link Service (PLS), but that isn't one of the available answers. Also, a PLS requires a VM or VM Scale Set Load Balancer backend pool (see https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview ). Testing revealed I couldn't use the private IP address of the SQL PaaS server private endpoint for the PLS.

flurgen248

The prompt says "You need to provide VM1 with access to SQL1 by using an Azure Private Link service." A private link service requires a load balancer. VNET1: Load Balancer VNET2: Private Endpoint https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview

lingxian

I would agree with this. How to use an LB with the Azure SQL database as a backend? We have already the private endpoint in VNet1, setting up peering should be enough for VMs in VNet2 talking to the SQL service.

KeenOnTech

As we have a Private Endpoint in VNet-1, the LB is already installed at SQL subnet. All is needed is to allow VM @Vnet2 access PE @Vnet1. Peering is all is needed: "The private endpoint can be reached from globally peered virtual networks and on premises using private VPN or ExpressRoute connections." https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#details

Lazylinux

Given answer is WRONG - For sure as others pointed out Vnet1 - STD LB used to allow access to backend pool that allows access to resources, also NAT GWY is deployed Vnet2 - PE - private end point

mjk666

The question here is how should we put the Azure SQL Database behind the load balancer, we already have an endpoint in the Vnet1 which we don't need then. if it was SQL Server on VMs without endpoint the deploying SLB and PE would make sense

Ayokun

Load balancer Private Link https://learn.microsoft.com/it-it/azure/private-link/private-link-overview

Ayokun

Sorry i correct "You need to provide VM1 with access to SQL1 by using an Azure Private Link service" hence it is required the last part of the config which is a private endpoint on VM1 LB Private Endpoint

chatlisi

VNET1 - Azure Load Balancer - your existing service must be behind a load balancer VNET2 - Private link