DP-200 Exam - Question 127

Question

You have an Azure SQL server named Server1 that hosts two development databases named DB1 and DB2.

You have an administrative workstation that has an IP address of 192.168.8.8. The development team at your company has an IP addresses in the range of

192.168.8.1 to 192.168.8.5.

You need to set up firewall rules to meet the following requirements:

✑ Allows connection from your workstation to both databases.

✑ The development team must be able connect to DB1 but must be prevented from connecting to DB2.

✑ Web services running in Azure must be able to connect to DB1 but must be prevented from connecting to DB2.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Examice · Accepted Answer

To fulfill the requirements, you should take the following actions: 1) Create a firewall rule on DB1 that has a start IP address of 192.168.8.1 and an end IP address of 192.168.8.5, allowing the development team to connect to DB1. 2) Create a firewall rule on DB1 that has a start and end IP address of 0.0.0.0, which permits web services running in Azure to connect to DB1. 3) Create a firewall rule on Server1 that has a start and end IP address of 192.168.8.8, allowing your administrative workstation to connect to both databases. This setup ensures the development team has access to DB1 but not DB2, web services can connect to DB1, and your workstation has access to both DB1 and DB2.

SidN · Answer

ABE should be the correct answer.  (C will allows developers to connect to DB2 as well)

diulin · Answer

ABE
B:
  "When you add a database-level firewall setting where the beginning and ending IP addresses are equal to 0.0.0.0, you enable access to your database in the SQL Database server from any Azure resource."

src: https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-database-firewall-rule-azure-sql-database

Sudipta3009 · Answer

Exactly, ABE should be the correct answer

NabilR · Answer

I will say ADE

KpKo · Answer

Agreed, ABE should be the correct answer.

cadio30 · Answer

ABE is the appropriate answers

A - allows the development team to access only the database level and this can only be configure using T-SQL and not from the azure portal

B - the ip address 0.0.0.0 allows the connection between azure services in which there is an option in the SQL Server firewall to toggle this feature

E - this is no suprise as the administrator requires to whitelist his ip address to manage both databases

yilpiz · Answer

Aren't A & B enough? Why 3?

M0e · Answer

C is definitely incorrect. 0.0.0.0 is the placeholder for Azure IP addresses.

maynard13x8 · Answer

"If you specify an IP address range in the database-level IP firewall rule that's outside the range in the server-level IP firewall rule, only those clients that have IP addresses in the database-level range can access the database."
https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure

If select ABE, are you giving access to DB1 to ip xxxxxx.8 by the rule 0.0.0.0 (option B)?

watata · Answer

it should be ABD

MKJOHN · Answer

The answer should be ABE. Please correct this or explain why, thanks.

Wendy_DK · Answer

ABE should be the correct answer

DP-200 Exam - Question 127

Discussion