ExamGecko
Search Search Login
Home Home / Microsoft / DP-300

Microsoft DP-300 Practice Test - Questions Answers, Page 7

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Task 5 You need to configure a disaster recovery solution for db1. When a failover occurs, the connection strings to the database must remain the same. The secondary server must be in the West US 3 Azure region.
Task 10 You need to protect all the databases on sql37006S95 from SQL injection attacks.
You have an Azure subscription. You create a logical SQL server that hosts four databases Each database will be used by a separate customer. You need to ensure that each customer can access only its own database. The solution must minimize administrative effort Which two actions should you perform? Each correct answer presents part of the solution NOTE: Each correct selection is worth one point.
You have an Azure SQL Database managed instance named SQLMI1. A Microsoft SQL Server Agent job runs on SQLMI1. You need to ensure that an automatic email notification is sent once the job completes. What should you include in the solution?
HOTSPOT You have an Azure SQL database named DB1 that contains two tables named Table1 and Table2. Both tables contain a column named a Column1. Column1 is used for joins by an application named App1. You need to protect the contents of Column1 at rest, in transit, and in use. How should you protect the contents of Column1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP You have an Azure SQL database that contains a table named Employees. Employees contains a column named Salary. You need to encrypt the Salary column. The solution must prevent database administrators from reading the data in the Salary column and must provide the most secure encryption. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have SQL Server on Azure virtual machines in an availability group. You have a database named DB1 that is NOT in the availability group. You create a full database backup of DB1. You need to add DB1 to the availability group. Which restore option should you use on the secondary replica?
You have a database on a SQL Server on Azure Virtual Machines instance. The current state of Query Store for the database is shown in the following exhibit.
HOTSPOT You have an Azure SQL database that contains a table named Customer. Customer has the columns shown in the following table. You plan to implement a dynamic data mask for the Customer_Phone column. The mask must meet the following requirements: ▪ The first six numerals of each customer’s phone number must be masked. ▪ The first six numerals of each customer’s phone number must be masked. ▪ The last four digits of each customer’s phone number must be visible. Hyphens must be preserved and displayed. How should you configure the dynamic data mask? To answer, select the appropriate options in the answer area.
Task 4 You need to enable change data capture (CDC) for db1.

Question 61

Report
Export
Collapse

DRAG DROP

You have an Azure SQL Database instance named DatabaseA on a server named Server1.

You plan to add a new user named App1 to DatabaseA and grant App1 db_datacenter permissions. App1 will use SQL Server Authentication.

You need to create App1. The solution must ensure that App1 can be given access to other databases by using the same credentials.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 61
Correct answer: Question 61

Explanation:

Step 1: On the master database, run CREATE LOGIN [App1] WITH PASSWORD = 'p@aaW0rd!'

Logins are server wide login and password pairs, where the login has the same password across all databases. Here is some sample Transact-SQL that creates a login:

CREATE LOGIN readonlylogin WITH password='1231!#ASDF!a';

You must be connected to the master database on SQL Azure with the administrative login (which you get from the SQL Azure portal) to execute the CREATE LOGIN command. Step 2: On DatabaseA, run CREATE USER [App1] FROM LOGIN [App1]

Users are created per database and are associated with logins. You must be connected to the database in where you want to create the user. In most cases, this is not the master database. Here is some sample Transact-SQL that creates a user:

CREATE USER readonlyuser FROM LOGIN readonlylogin;

Step 3: On DatabaseA run ALTER ROLE db_datareader ADD Member [App1]

Just creating the user does not give them permissions to the database. You have to grant them access. In the Transact-SQL example below the readonlyuser is given read only permissions to the database via the db_datareader role.

EXEC sp_addrolemember 'db_datareader', 'readonlyuser';

Reference:

https://azure.microsoft.com/en-us/blog/adding-users-to-your-sql-azure-database/

Question 62

Report
Export
Collapse

You are developing an application that uses Azure Data Lake Storage Gen 2.

You need to recommend a solution to grant permissions to a specific application for a limited time period. What should you include in the recommendation?

A.
role assignments
A.
role assignments
Answers
B.
account keys
B.
account keys
Answers
C.
shared access signatures (SAS)
C.
shared access signatures (SAS)
Answers
D.
Azure Active Directory (Azure AD) identities
D.
Azure Active Directory (Azure AD) identities
Answers
Suggested answer: C

Explanation:

A shared access signature (SAS) provides secure delegated access to resources in your storage account. With a SAS, you have granular control over how a client can access your data. For example:

What resources the client may access.

What permissions they have to those resources.

How long the SAS is valid.

Note: Data Lake Storage Gen2 supports the following authorization mechanisms:

Shared Key authorization

Shared access signature (SAS) authorization

Role-based access control (Azure RBAC)

Access control lists (ACL) Data Lake Storage Gen2 supports the following authorization mechanisms:

Shared Key authorization

Shared access signature (SAS) authorization

Role-based access control (Azure RBAC)

Access control lists (ACL)

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

Question 63

Report
Export
Collapse

You are designing an enterprise data warehouse in Azure Synapse Analytics that will contain a table named Customers. Customers will contain credit card information. You need to recommend a solution to provide salespeople with the ability to view all the entries in Customers. The solution must prevent all the salespeople from viewing or inferring the credit card information. What should you include in the recommendation?

A.
row-level security
A.
row-level security
Answers
B.
data masking
B.
data masking
Answers
C.
Always Encrypted
C.
Always Encrypted
Answers
D.
column-level security
D.
column-level security
Answers
Suggested answer: B

Explanation:

Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics support dynamic data masking. Dynamic data masking limits sensitive data exposure by masking it to non-privileged users. The Credit card masking method exposes the last four digits of the designated fields and adds a constant string as a prefix in the form of a credit card. Example:

XXXX-XXXX-XXXX-1234

Question 64

Report
Export
Collapse

You have a data warehouse in Azure Synapse Analytics.

You need to ensure that the data in the data warehouse is encrypted at rest.

What should you enable?

A.
Transparent Data Encryption (TDE)
A.
Transparent Data Encryption (TDE)
Answers
B.
Advanced Data Security for this database
B.
Advanced Data Security for this database
Answers
C.
Always Encrypted for all columns
C.
Always Encrypted for all columns
Answers
D.
Secure transfer required
D.
Secure transfer required
Answers
Suggested answer: A

Explanation:

Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest.

Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview

Question 65

Report
Export
Collapse

You are designing a security model for an Azure Synapse Analytics dedicated SQL pool that will support multiple companies. You need to ensure that users from each company can view only the data of their respective company.

Which two objects should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.
a column encryption key
A.
a column encryption key
Answers
B.
asymmetric keys
B.
asymmetric keys
Answers
C.
a function
C.
a function
Answers
D.
a custom role-based access control (RBAC) role
D.
a custom role-based access control (RBAC) role
Answers
E.
a security policy
E.
a security policy
Answers
Suggested answer: D, E

Explanation:

Azure RBAC is used to manage who can create, update, or delete the Synapse workspace and its SQL pools, Apache Spark pools, and Integration runtimes. Define and implement network security configurations for resources related to your dedicated SQL pool with Azure Policy.

Reference: https://docs.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-synapse-rbac https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/synapse-analytics-security-baseline

Question 66

Report
Export
Collapse

You have an Azure subscription that contains an Azure Data Factory version 2 (V2) data factory named df1. DF1 contains a linked service. You have an Azure Key vault named vault1 that contains an encryption kay named key1.

You need to encrypt df1 by using key1.

What should you do first?

A.
Disable purge protection on vault1.
A.
Disable purge protection on vault1.
Answers
B.
Remove the linked service from df1.
B.
Remove the linked service from df1.
Answers
C.
Create a self-hosted integration runtime.
C.
Create a self-hosted integration runtime.
Answers
D.
Disable soft delete on vault1.
D.
Disable soft delete on vault1.
Answers
Suggested answer: B

Explanation:

A customer-managed key can only be configured on an empty data Factory. The data factory can't contain any resources such as linked services, pipelines and data flows. It is recommended to enable customer-managed key right after factory creation.

Note: Azure Data Factory encrypts data at rest, including entity definitions and any data cached while runs are in progress. By default, data is encrypted with a randomly generated Microsoft-managed key that is uniquely assigned to your data factory.

Incorrect Answers:

A, D: Should enable Soft Delete and Do Not Purge on Azure Key Vault.

Using customer-managed keys with Data Factory requires two properties to be set on the Key Vault, Soft Delete and Do Not Purge. These properties can be enabled using either PowerShell or Azure CLI on a new or existing key vault.

Reference:

https://docs.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key

Question 67

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that is linked to a hybrid Azure Active Directory (Azure AD) tenant. The subscription contains an Azure Synapse Analytics SQL pool named Pool1.

You need to recommend an authentication solution for Pool1. The solution must support multi-factor authentication (MFA) and database-level authentication.

Which authentication solution or solutions should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 67
Correct answer: Question 67

Explanation:

Box 1: Azure AD authentication

Azure Active Directory authentication supports Multi-Factor authentication through Active Directory Universal Authentication.

Box 2: Contained database users

Azure Active Directory Uses contained database users to authenticate identities at the database level.

Incorrect:

SQL authentication: To connect to dedicated SQL pool (formerly SQL DW), you must provide the following information:

Fully qualified servername

Specify SQL authentication

Username

Password

Default database (optional)

Reference:

https://docs.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-authentication

Question 68

Report
Export
Collapse

You have an Azure subscription that contains a server named Server1. Server1 hosts two Azure SQL databases named DB1 and DB2.

You plan to deploy a Windows app named App1 that will authenticate to DB2 by using SQL authentication.

You need to ensure that App1 can access DB2. The solution must meet the following requirements:

App1 must be able to view only DB2.

Administrative effort must be minimized.

What should you create?

A.
a contained database user for App1 on DB2
A.
a contained database user for App1 on DB2
Answers
B.
a login for App1 on Server1
B.
a login for App1 on Server1
Answers
C.
a contained database user from an external provider for App1 on DB2
C.
a contained database user from an external provider for App1 on DB2
Answers
D.
a contained database user from a Windows login for App1 on DB2
D.
a contained database user from a Windows login for App1 on DB2
Answers
Suggested answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/sql/relational-databases/security/contained-database-users-making-your-database-portable?view=sql-server-ver15

Question 69

Report
Export
Collapse

You create five Azure SQL Database instances on the same logical server.

In each database, you create a user for an Azure Active Directory (Azure AD) user named User1.

User1 attempts to connect to the logical server by using Azure Data Studio and receives a login error.

You need to ensure that when User1 connects to the logical server by using Azure Data Studio, User1 can see all the databases.

What should you do?

A.
Create User1 in the master database.
A.
Create User1 in the master database.
Answers
B.
Assign User1 the db_datareader role for the master database.
B.
Assign User1 the db_datareader role for the master database.
Answers
C.
Assign User1 the db_datareader role for the databases that User1 creates.
C.
Assign User1 the db_datareader role for the databases that User1 creates.
Answers
D.
Grant SELECT on sys.databases to public in the master database.
D.
Grant SELECT on sys.databases to public in the master database.
Answers
Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage

Question 70

Report
Export
Collapse

Which windowing function should you use to perform the streaming aggregation of the sales data?

A.
Sliding
A.
Sliding
Answers
B.
Hopping
B.
Hopping
Answers
C.
Session
C.
Session
Answers
D.
Tumbling
D.
Tumbling
Answers
Suggested answer: D

Explanation:

Scenario: The sales data, including the documents in JSON format, must be gathered as it arrives and analyzed online by using Azure Stream Analytics. The analytics process will perform aggregations that must be done continuously, without gaps, and without overlapping.

Tumbling window functions are used to segment a data stream into distinct time segments and perform a function against them, such as the example below. The key differentiators of a Tumbling window are that they repeat, do not overlap, and an event cannot belong to more than one tumbling window.

Reference:

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/stream-analytics/stream-analytics-window-functions.md

Total 338 questions
Go to page: of 34
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms