Microsoft DP-300 Practice Test - Questions Answers, Page 6

HOTSPOT

You need to recommend the appropriate purchasing model and deployment option for the 30 new databases. The solution must meet the technical requirements and the business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 51
Correct answer: Question 51

Explanation:

Box 1: DTU

Scenario:

The 30 new databases must scale automatically.

Once all requirements are met, minimize costs whenever possible.

You can configure resources for the pool based either on the DTU-based purchasing model or the vCore-based purchasing model. In short, for simplicity, the DTU model has an advantage. Plus, if you’re just getting started with Azure SQL Database, the DTU model offers more options at the lower end of performance, so you can get started at a lower price point than with vCore.

Box 2: An Azure SQL database elastic pool

Azure SQL Database elastic pools are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single server and share a set number of resources at a set price. Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.

Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/elastic-pool-overview

https://docs.microsoft.com/en-us/azure/azure-sql/database/reserved-capacity-overview

You have a new Azure SQL database. The database contains a column that stores confidential information. You need to track each time values from the column are returned in a query. The tracking information must be stored for 365 days from the date the query was executed. Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Turn on auditing and write audit logs to an Azure Storage account.

B. Add extended properties to the column.

C. Turn on Advanced Data Security for the Azure SQL server.

D. Apply sensitivity labels named Highly Confidential to the column.

E. Turn on Azure Advanced Threat Protection (ATP).

Suggested answer: A, C, D

Explanation:

C: Advanced Data Security (ADS) is a unified package for advanced SQL security capabilities. ADS is available for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It includes functionality for discovering and classifying sensitive data.

D: You can apply sensitivity-classification labels persistently to columns by using new metadata attributes that have been added to the SQL Server database engine. This metadata can then be used for advanced, sensitivity-based auditing and protection scenarios.

A: An important aspect of the information-protection paradigm is the ability to monitor access to sensitive data. Azure SQL Auditing has been enhanced to include a new field in the audit log called data_sensitivity_information. This field logs the sensitivity classifications (labels) of the data that was returned by a query. Here's an example:

Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/data-discovery-and-classification-overview

You have an Azure virtual machine named VM1 on a virtual network named VNet1. Outbound traffic from VM1 to the internet is blocked.

You have an Azure SQL database named SqlDb1 on a logical server named SqlSrv1.

You need to implement connectivity between VM1 and SqlDb1 to meet the following requirements:

Ensure that all traffic to the public endpoint of SqlSrv1 is blocked.

Minimize the possibility of VM1 exfiltrating data stored in SqlDb1.

What should you create on VNet1?

A. a VPN gateway

B. a service endpoint

C. a private link

D. an ExpressRoute gateway

Suggested answer: C

Explanation:

Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network. Traffic between your virtual network and the service travels the Microsoft backbone network. Exposing your service to the public internet is no longer necessary.

Reference: https://docs.microsoft.com/en-us/azure/private-link/private-link-overview

You have 40 Azure SQL databases, each for a different customer. All the databases reside on the same Azure SQL Database server. You need to ensure that each customer can only connect to and access their respective database.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Implement row-level security (RLS).

B. Create users in each database.

C. Configure the database firewall.

D. Configure the server firewall.

E. Create logins in the master database.

F. Implement Always Encrypted.

Suggested answer: B, E

Explanation:

By default, the cluster of nodes for the premium availability model is created in the same datacenter. With the introduction of Azure Availability Zones, SQL Database can place different replicas of the Business Critical database to different availability zones in the same region. To eliminate a single point of failure, the control ring is also duplicated across multiple zones as three gateway rings (GW). The routing to a specific gateway ring is controlled by Azure Traffic Manager (ATM). Because the zone redundant configuration in the Premium or Business Critical service tiers does not create additional database redundancy, you can enable it at no extra cost. By selecting a zone redundant configuration, you can make your Premium or Business Critical databases resilient to a much larger set of failures, including catastrophic datacenter outages, without any changes to the application logic. You can also convert any existing Premium or Business Critical databases or pools to the zone redundant configuration.

You have an Azure virtual machine named VM1 on a virtual network named VNet1. Outbound traffic from VM1 to the internet is blocked.

You have an Azure SQL database named SqlDb1 on a logical server named SqlSrv1.

You need to implement connectivity between VM1 and SqlDb1 to meet the following requirements:

Ensure that VM1 cannot connect to any Azure SQL Server other than SqlSrv1.

Restrict network connectivity to SqlSrv1.

What should you create on VNet1?

A. a VPN gateway

B. a service endpoint

C. a private link

D. an ExpressRoute gateway

Suggested answer: C

Explanation:

Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.

Traffic between your virtual network and the service travels the Microsoft backbone network. Exposing your service to the public internet is no longer necessary.

Reference:

https://docs.microsoft.com/en-us/azure/private-link/private-link-overview

HOTSPOT

You have a Microsoft SQL Server database named DB1 that contains a table named Table1.

The database role membership for a user named User1 is shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Question 56
Correct answer: Question 56

Explanation:

Box 1: delete a row from Table1

Members of the db_datawriter fixed database role can add, delete, or change data in all user tables.

Box 2: db_datareader

Members of the db_datareader fixed database role can read all data from all user tables.

Reference:

https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles

DRAG DROP

You have a new Azure SQL database named DB1 on an Azure SQL server named AzSQL1.

The only user who was created is the server administrator.

You need to create a contained database user in DB1 who will use Azure Active Directory (Azure AD) for authentication.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 57
Correct answer: Question 57

Explanation:

Step 1: Set up the Active Directory Admin for AzSQL1.

Step 2: Connect to DB1 by using the server administrator.

Sign into your managed instance with an Azure AD login granted with the sysadmin role.

Step 3: Create a user by using the FROM EXTERNAL PROVIDER clause.

FROM EXTERNAL PROVIDER is available for creating server-level Azure AD logins in SQL Database managed instance. Azure AD logins allow database-level Azure AD principals to be mapped to server-level Azure AD logins. To create an Azure AD user from an Azure AD login use the following syntax:

CREATE USER [AAD_principal] FROM LOGIN [Azure AD login]

Reference:

https://docs.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql
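
Step 3 written out, as an added T-SQL example that is not part of the original page, followed by a query for reviewing which externally authenticated principals exist in the database and what roles they hold. The principal name `app.reader@contoso.com` and the choice of `db_datareader` are hypothetical.

```sql
-- Added example; the principal name and the role granted are hypothetical.
-- Run while connected to DB1 (step 2), after the Active Directory admin
-- has been set for AzSQL1 (step 1).

-- Step 3: a contained user authenticated by Azure AD. The user exists only in
-- DB1; no login is created in the master database.
CREATE USER [app.reader@contoso.com] FROM EXTERNAL PROVIDER;

-- Grant only the access the user needs, through a fixed database role.
ALTER ROLE db_datareader ADD MEMBER [app.reader@contoso.com];

-- Review: every externally authenticated principal in this database and the
-- roles it belongs to. Type E is an external user, type X an external group.
SELECT p.name                     AS principal_name,
       p.type_desc,
       p.authentication_type_desc,
       r.name                     AS role_name
FROM sys.database_principals AS p
LEFT JOIN sys.database_role_members AS rm
       ON rm.member_principal_id = p.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE p.type IN ('E', 'X')
ORDER BY p.name, r.name;
```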

HOTSPOT

You have an Azure SQL database that contains a table named Customer. Customer has the columns shown in the following table.

You plan to implement a dynamic data mask for the Customer_Phone column. The mask must meet the following requirements:

The first six numerals of each customer’s phone number must be masked.

The last four digits of each customer’s phone number must be visible.

Hyphens must be preserved and displayed.

How should you configure the dynamic data mask? To answer, select the appropriate options in the answer area.


Question 58
Correct answer: Question 58

Explanation:

Box 1: 0

Custom String: Masking method that exposes the first and last letters and adds a custom padding string in the middle. prefix,[padding],suffix

Box 2: xxx-xxx

Box 3: 5

Reference:

https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking
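
The three boxes combined into one mask definition, as an added T-SQL example that is not part of the original page. It assumes phone numbers are stored as 12 characters in the form NNN-NNN-NNNN; the demo table, the sample row and the user `MaskDemoReader` are constructed.

```sql
-- Added example; table, row and user are constructed for the demonstration.
-- Assumes phone numbers are stored as 12 characters: NNN-NNN-NNNN.
CREATE TABLE dbo.Customer_demo (
    Customer_ID    int         NOT NULL PRIMARY KEY,
    Customer_Phone varchar(12) NOT NULL
);
INSERT INTO dbo.Customer_demo (Customer_ID, Customer_Phone)
VALUES (1, '555-010-4477');

-- partial(prefix, padding, suffix): expose 0 leading characters, substitute
-- the padding "xxx-xxx", expose the last 5 characters. The suffix is 5 rather
-- than 4 because the padding has no trailing hyphen: the last five characters
-- are the final hyphen plus the four visible digits.
ALTER TABLE dbo.Customer_demo
ALTER COLUMN Customer_Phone ADD MASKED WITH (FUNCTION = 'partial(0,"xxx-xxx",5)');

-- Query as a principal that has SELECT but not UNMASK.
CREATE USER MaskDemoReader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customer_demo TO MaskDemoReader;

EXECUTE AS USER = 'MaskDemoReader';
SELECT Customer_ID, Customer_Phone FROM dbo.Customer_demo;
REVERT;

-- Review which columns carry a mask ...
SELECT OBJECT_NAME(object_id) AS table_name,
       name                   AS column_name,
       masking_function
FROM sys.masked_columns;

-- ... and which principals have been granted the right to bypass it.
SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'UNMASK';

-- Clean up the demo objects.
DROP USER MaskDemoReader;
DROP TABLE dbo.Customer_demo;
```

The mask is applied to query results only; the stored value is unchanged, and principals holding UNMASK or database ownership still read the clear text.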

DRAG DROP

You have an Azure SQL database that contains a table named Employees. Employees contains a column named Salary.

You need to encrypt the Salary column. The solution must prevent database administrators from reading the data in the Salary column and must provide the most secure encryption.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 59
Correct answer: Question 59

Explanation:

Step 1: Create a column master key

Create a column master key metadata entry before you create a column encryption key metadata entry in the database and before any column in the database can be encrypted using Always Encrypted.

Step 2: Create a column encryption key.

Step 3: Encrypt the Salary column by using the randomized encryption type.

Randomized encryption uses a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents searching, grouping, indexing, and joining on encrypted columns.

Note: A column encryption key metadata object contains one or two encrypted values of a column encryption key that is used to encrypt data in a column. Each value is encrypted using a column master key.

Incorrect Answers:

Deterministic encryption.

Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns. However, it may also allow unauthorized users to guess information about encrypted values by examining patterns in the encrypted column, especially if there's a small set of possible encrypted values, such as True/False, or North/South/East/West region.

Reference:

https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine

HOTSPOT

You have an Azure SQL database named DB1 that contains two tables named Table1 and Table2. Both tables contain a column named Column1. Column1 is used for joins by an application named App1.

You need to protect the contents of Column1 at rest, in transit, and in use.

How should you protect the contents of Column1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 60
Correct answer: Question 60

Explanation:

Box 1: Column encryption Key

Always Encrypted uses two types of keys: column encryption keys and column master keys. A column encryption key is used to encrypt data in an encrypted column. A column master key is a key-protecting key that encrypts one or more column encryption keys.

Incorrect Answers:

TDE encrypts the storage of an entire database by using a symmetric key called the Database Encryption Key (DEK).

Box 2: Deterministic

Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine (SQL Database or SQL Server).

Always Encrypted supports two types of encryption: randomized encryption and deterministic encryption. Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns.

Incorrect Answers:

Randomized encryption uses a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents searching, grouping, indexing, and joining on encrypted columns.

Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.

Reference:

https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine
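
The randomized and deterministic choices from the Salary and Column1 questions side by side, as an added T-SQL example that is not part of the original page. It assumes a column encryption key named `CEK_Demo` already exists in the database; the `_demo` tables and the `varchar(20)` type for Column1 are hypothetical.

```sql
-- Added example. Assumes a column encryption key named CEK_Demo already exists
-- (steps 1 and 2 of the Salary question); all object names are hypothetical.

-- Salary is never searched or joined, so it takes RANDOMIZED encryption.
CREATE TABLE dbo.Employees_demo (
    EmployeeId int IDENTITY(1,1) PRIMARY KEY,
    Salary money ENCRYPTED WITH (
        COLUMN_ENCRYPTION_KEY = CEK_Demo,
        ENCRYPTION_TYPE = RANDOMIZED,
        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
);

-- Column1 is a join key, so both tables use DETERMINISTIC encryption with the
-- same column encryption key. A character column under deterministic
-- encryption must use a BIN2 collation.
CREATE TABLE dbo.Table1_demo (
    Id int PRIMARY KEY,
    Column1 varchar(20) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (
        COLUMN_ENCRYPTION_KEY = CEK_Demo,
        ENCRYPTION_TYPE = DETERMINISTIC,
        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
);
CREATE TABLE dbo.Table2_demo (
    Id int PRIMARY KEY,
    Column1 varchar(20) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (
        COLUMN_ENCRYPTION_KEY = CEK_Demo,
        ENCRYPTION_TYPE = DETERMINISTIC,
        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
);

-- The equality join is evaluated on ciphertext; the Database Engine never
-- sees the plaintext of Column1.
SELECT t1.Id AS Table1Id, t2.Id AS Table2Id
FROM dbo.Table1_demo AS t1
JOIN dbo.Table2_demo AS t2 ON t1.Column1 = t2.Column1;

-- Review: every encrypted column, its encryption type and its key.
SELECT OBJECT_NAME(c.object_id) AS table_name,
       c.name                   AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       k.name                   AS column_encryption_key
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS k
  ON k.column_encryption_key_id = c.column_encryption_key_id
WHERE c.encryption_type IS NOT NULL;
```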

Total 338 questions