AZ-700 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-700 Exam - Question 64

DRAG DROP

-

You have an Azure subscription that contains a virtual network named Vnet1 and an Azure SQL database named SQL1. SQL1 has a private endpoint on Vnet1.

You have a partner company named Fabrikam, Inc. Fabrikam has an Azure subscription that contains a virtual network named Vnet2 and a virtual machine named VM1. VM1 is connected to Vnet2.

You need to provide VM1 with access to SQL1 by using an Azure Private Link service.

What should you implement on each virtual network? To answer, drag the appropriate resources to the correct virtual networks. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Show Answer
Correct Answer:

Discussion

14 comments
Sign in to comment
Wis10
Jan 15, 2023

Correct Answer: - Vnet1 = Standard Load Balancer - Vnet2 = Private Endpoint Justification: https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#workflow

asdasd123123iu
Aug 2, 2023

Agree, SQL already have private endpoint so we need load balancer in VNET1 and private link in VNET2.

RabbitB
May 22, 2024

But question said you need to use an Azure Private Link service.

TheBlob
Jul 20, 2024

An Azure SQL database (PaaS) does not support Private Link Service. You need a private endpoint instead. This question is a bit tricky. You mainly use a private link service for resources that don't support private endpoints, like apps hosted on VMs (IaaS). That is why you would need a load balancer (IaaS) for such requirement.

DavidSapery
Jan 10, 2023

https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview indicates that a Load Balancer is needed on the SQL side (vnet1) and a Private Endpoint on the VM side (vnet2).

amt2022
Jan 22, 2023

Correct answer - VNET1 = Standard LB -VNET2 = Private EndPoint Check this sample from MS. https://learn.microsoft.com/en-us/azure/private-link/create-private-link-service-powershell

4729
Jan 29, 2023

VNET1: Private Link VNET2: Private Endpoint

DerekKey
Jan 10, 2023

VNet 1: Load Balancer VNet 2: Private Endpoint Microsoft docs: https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview

ronin201
Jul 5, 2023

wrong answer: Vnet1 already has private enpoint. peering links in both vnets must be created

tester2023
Jan 30, 2023

VNET1: Peering Link VNET2: Peering Link The question notes a Private Endpoint is already configured on the SQL Server (PaaS) resource. As such, vNet peering will allow the VM on vNet 2 to reach the database on vNet 1. A private endpoint is part of the Private Link Service (https://learn.microsoft.com/en-us/azure/private-link/private-link-faq#what-is-azure-private-endpoint-and-azure-private-link-service-) For those selecting Load Balancer, you are correct it requires a Private Link Service (PLS), but that isn't one of the available answers. Also, a PLS requires a VM or VM Scale Set Load Balancer backend pool (see https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview ). Testing revealed I couldn't use the private IP address of the SQL PaaS server private endpoint for the PLS.

flurgen248
Feb 24, 2023

The prompt says "You need to provide VM1 with access to SQL1 by using an Azure Private Link service." A private link service requires a load balancer. VNET1: Load Balancer VNET2: Private Endpoint https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview

lingxian
Mar 15, 2023

I would agree with this. How to use an LB with the Azure SQL database as a backend? We have already the private endpoint in VNet1, setting up peering should be enough for VMs in VNet2 talking to the SQL service.

KeenOnTech
Sep 13, 2023

As we have a Private Endpoint in VNet-1, the LB is already installed at SQL subnet. All is needed is to allow VM @Vnet2 access PE @Vnet1. Peering is all is needed: "The private endpoint can be reached from globally peered virtual networks and on premises using private VPN or ExpressRoute connections." https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#details

AzureLearner01
Mar 7, 2023

To establish the private link service you need a load balancer in VNet 1 and for sure the private link service resource. In the partner company tenant you need an private endpoint that connects to this private link service. To answer the question correctly we might answer to create standard load balancer and private link service in vnet1 an pe in vnet2.

ronin201
Jul 5, 2023

I have the same config (only posgreSQL) I have private endpoint and 2 peering links in 2 networks, the current description already has private endpoint.

GBAU
Oct 25, 2023

While I thought this was the answer as it would work, I think the question is testing knowledge of private link services, where only specific services are provided across the private link, not access to the full vNet.

Azused
Sep 7, 2023

Correct Answer: - Vnet1 = Standard Load Balancer - Vnet2 = Private Endpoint https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#workflow

Lazylinux
Nov 6, 2023

Given answer is WRONG - For sure as others pointed out Vnet1 - STD LB used to allow access to backend pool that allows access to resources, also NAT GWY is deployed Vnet2 - PE - private end point

mjk666
Mar 10, 2024

The question here is how should we put the Azure SQL Database behind the load balancer, we already have an endpoint in the Vnet1 which we don't need then. if it was SQL Server on VMs without endpoint the deploying SLB and PE would make sense

chatlisi
Jan 10, 2023

VNET1 - Azure Load Balancer - your existing service must be behind a load balancer VNET2 - Private link

Ayokun
Mar 2, 2023

Load balancer Private Link https://learn.microsoft.com/it-it/azure/private-link/private-link-overview

Ayokun
Mar 2, 2023

Sorry i correct "You need to provide VM1 with access to SQL1 by using an Azure Private Link service" hence it is required the last part of the config which is a private endpoint on VM1 LB Private Endpoint