You are designing a security model for an Azure Synapse Analytics dedicated SQL pool that will support multiple companies. You need to ensure that users from each company can view only the data of their respective company. Which two objects should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

D. a custom role-based access control (RBAC) role

You have an Azure subscription that contains an Azure Data Factory version 2 (V2) data factory named df1. DF1 contains a linked service. You have an Azure Key vault named vault1 that contains an encryption kay named key1. You need to encrypt df1 by using key1. What should you do first?

Remove the linked service from df1.

Disable purge protection on vault1.

Create a self-hosted integration runtime.

You have an Azure subscription that contains a server named Server1. Server1 hosts two Azure SQL databases named DB1 and DB2. You plan to deploy a Windows app named App1 that will authenticate to DB2 by using SQL authentication. You need to ensure that App1 can access DB2. The solution must meet the following requirements: ✑ App1 must be able to view only DB2. ✑ Administrative effort must be minimized. What should you create?

A. a contained database user for App1 on DB2

C. a contained database user from an external provider for App1 on DB2

D. a contained database user from a Windows login for App1 on DB2

You create five Azure SQL Database instances on the same logical server. In each database, you create a user for an Azure Active Directory (Azure AD) user named User1. User1 attempts to connect to the logical server by using Azure Data Studio and receives a login error. You need to ensure that when User1 connects to the logical server by using Azure Data Studio, User1 can see all the databases. What should you do?

A. Create User1 in the master database.

B. Assign User1 the db_datareader role for the master database.

C. Assign User1 the db_datareader role for the databases that User1 creates.

D. Grant SELECT on sys.databases to public in the master database.

You have an on-premises Microsoft SQL Server 2019 instance named SQL1 that hosts a database named db1. You have an Azure subscription that contains an Azure SQL managed instance named MI1 and an Azure Storage account named storage1. You plan to migrate db1 to MI1 by using the backup and restore process. You need to ensure that you can back up db1 to storage1. The solution must meet the following requirements: ✑ Use block blob storage. ✑ Maximize security. What should you do on storage1?

D. Enable infrastructure encryption.

A. Generate a shared access signature (SAS).

You have an Azure SQL database named DB1. A user named User1 has an Azure Active Directory (Azure AD) account. You need to provide User1 with the ability to add and remove columns from the tables in DB1. The solution must use the principle of least privilege. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

C. Create a login and an associated database user.

D. Assign the database user the db_ddladmin role.

A. Assign the database user the db_owner role.

B. Create a contained database user.

You have an instance of SQL Server on Azure Virtual Machines named VM1. You plan to schedule a SQL Server Agent job that will rebuild indexes of the databases hosted on VM1. You need to configure the account that will be used by the agent. The solution must use the principle of least privilege. Which operating system user right should you assign to the account?

A. Increase scheduling priority

Your on-premises network contains a server that hosts a 60-TB database named DB1. The network has a 10-Mbps internet connection. You need to migrate DB1 to Azure. The solution must minimize how long it takes to migrate the database. What should you use?

C. Azure Database Migration Service

D. Data Migration Assistant (DMA)

You have an Azure SQL database named DB1. You need to encrypt DB1. The solution must meet the following requirements: • Encrypt data in motion. • Support comparison operators. • Provide randomized encryption. What should you include in the solution?

A. Always Encrypted with secure enclaves

D. Transparent Data Encryption (TDE)

You have an Azure SQL database named sqldb1. You need to minimize the possibility of Query Store transitioning to a read-only state. What should you do?

B. Decrease by half the value of Data Flush Interval

A. Double the value of Data Flush interval

C. Double the value of Statistics Collection Interval

D. Decrease by half the value of Statistics Collection interval

DP300 Topic 2 Quiz 3

Authored by Faith Muwishi

Computers

Professional Development

Used 5+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

22 questions

Show all answers

MULTIPLE SELECT QUESTION

45 sec • 3 pts

You have a new Azure SQL database. The database contains a column that stores confidential information.
You need to track each time values from the column are returned in a query. The tracking information must be stored for 365 days from the date
the query was executed.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Turn on auditing and write audit logs to an Azure Storage account.

B. Add extended properties to the column.

C. Turn on auditing and write audit logs to an Event Hub

D. Apply sensitivity labels named Highly Confidential to the column.

E. Turn on Azure Defender for SQL

Answer explanation

Correct Answer: ADE
D: You can apply sensitivity-classification labels persistently to columns by using new metadata attributes that have been added to the SQL
Server database engine. This metadata can then be used for advanced, sensitivity-based auditing and protection scenarios.
A: An important aspect of the information-protection paradigm is the ability to monitor access to sensitive data. Azure SQL Auditing has been
enhanced to include a new field in the audit log called data_sensitivity_information. This field logs the sensitivity classifications (labels) of the
data that was returned by a query. E: Enable Microsoft Defender for Azure SQL Database at the subscription level from Microsoft Defender for Cloud.
Note: Microsoft Defender for SQL is a unified package for advanced SQL security capabilities. Microsoft Defender for Cloud is available for
Azure SQL Database,
Azure SQL Managed Instance, and Azure Synapse Analytics.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have an Azure virtual machine named VM1 on a virtual network named VNet1. Outbound traffic from VM1 to the internet is blocked.
You have an Azure SQL database named SqlDb1 on a logical server named SqlSrv1.
You need to implement connectivity between VM1 and SqlDb1 to meet the following requirements:
✑ Ensure that all traffic to the public endpoint of SqlSrv1 is blocked.
✑ Minimize the possibility of VM1 exfiltrating data stored in SqlDb1.
What should you create on VNet1?

A. a VPN gateway

B. a service endpoint

C. a private link

D. an ExpressRoute gateway

Answer explanation

Correct Answer: C
Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customerowned/
partner services over a private endpoint in your virtual network.
Traffic between your virtual network and the service travels the Microsoft backbone network. Exposing your service to the public internet is no
longer necessary.

MULTIPLE SELECT QUESTION

45 sec • 2 pts

You have 40 Azure SQL databases, each for a different customer. All the databases reside on the same Azure SQL Database server.
You need to ensure that each customer can only connect to and access their respective database.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Implement row-level security (RLS).

B. Create users in each database.

C. Configure the database firewall

D. Configure the server firewall.

E. Create logins in the master database.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have an Azure virtual machine named VM1 on a virtual network named VNet1. Outbound traffic from VM1 to the internet is blocked.
You have an Azure SQL database named SqlDb1 on a logical server named SqlSrv1.
You need to implement connectivity between VM1 and SqlDb1 to meet the following requirements:
✑ Ensure that VM1 cannot connect to any Azure SQL Server other than SqlSrv1.
✑ Restrict network connectivity to SqlSrv1.
What should you create on VNet1?

A. a VPN gateway

B. a service endpoint

C. a private link

D. an ExpressRoute gateway

Answer explanation

Correct Answer: C
Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customerowned/
partner services over a private endpoint in your virtual network.
Traffic between your virtual network and the service travels the Microsoft backbone network. Exposing your service to the public internet is no
longer necessary.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You are developing an application that uses Azure Data Lake Storage Gen 2.
You need to recommend a solution to grant permissions to a specific application for a limited time period.
What should you include in the recommendation?

A. role assignments

B. account keys

C. shared access signatures (SAS)

D. Azure Active Directory (Azure AD) identities

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You are designing an enterprise data warehouse in Azure Synapse Analytics that will contain a table named Customers. Customers will contain
credit card information.
You need to recommend a solution to provide salespeople with the ability to view all the entries in Customers. The solution must prevent all the
salespeople from viewing or inferring the credit card information.
What should you include in the recommendation?

A. row-level security

B. data masking

C. Always Encrypted

D. column-level security

Answer explanation

Correct Answer: B
Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics support dynamic data masking. Dynamic data masking limits
sensitive data exposure by masking it to non-privileged users.
The Credit card masking method exposes the last four digits of the designated fields and adds a constant string as a prefix in the form of a
credit card.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have a data warehouse in Azure Synapse Analytics.
You need to ensure that the data in the data warehouse is encrypted at rest.
What should you enable?

A. Transparent Data Encryption (TDE)

B. Advanced Data Security for this database

C. Always Encrypted for all columns

D. Secure transfer required

Answer explanation

Correct Answer: A
Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the
threat of malicious offline activity by encrypting data at rest.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

18 questions

ENTERPRISE COMPUTING WITH ADVANCED JAVA

Quiz

•

Professional Development

20 questions

GIS corso base

Quiz

•

Professional Development

20 questions

AWS SAA - Aquecimento

Quiz

•

Professional Development

20 questions

2º-DAM-Evaluación Inicial-HLC

Quiz

•

Professional Development

20 questions

ISACA Cyber Security Quiz - Prelims

Quiz

•

Professional Development

20 questions

MS-900 Cloud Concepts 1

Quiz

•

Professional Development

17 questions

PHP MySQL

Quiz

•

7th Grade - Professio...

22 questions

OSPF Protocol

Quiz

•

University - Professi...

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Computers

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L5_22-23

Lesson

•

KG - Professional Dev...

10 questions

March Quiz

Quiz

•

Professional Development

5 questions

Copy of G5_U6_L8_22-23

Lesson

•

KG - Professional Dev...

10 questions

suffixes FUL OR LESS

Quiz

•

Professional Development

DP300 Topic 2 Quiz 3

You are developing an application that uses Azure Data Lake Storage Gen 2.You need to recommend a solution to grant permissions to a specific application for a limited time period.What should you include in the recommendation?

You have a data warehouse in Azure Synapse Analytics.You need to ensure that the data in the data warehouse is encrypted at rest.What should you enable?

Correct Answer: ATransparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against thethreat of malicious offline activity by encrypting data at rest.

You have an Azure subscription that contains an Azure Data Factory version 2 (V2) data factory named df1. DF1 contains a linked service.You have an Azure Key vault named vault1 that contains an encryption kay named key1.You need to encrypt df1 by using key1.What should you do first?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

You are developing an application that uses Azure Data Lake Storage Gen 2.
You need to recommend a solution to grant permissions to a specific application for a limited time period.
What should you include in the recommendation?

You have a data warehouse in Azure Synapse Analytics.
You need to ensure that the data in the data warehouse is encrypted at rest.
What should you enable?

Correct Answer: A
Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the
threat of malicious offline activity by encrypting data at rest.

You have an Azure subscription that contains an Azure Data Factory version 2 (V2) data factory named df1. DF1 contains a linked service.
You have an Azure Key vault named vault1 that contains an encryption kay named key1.
You need to encrypt df1 by using key1.
What should you do first?