HOTSPOT -
You need to recommend a solution to meet the requirements for connections to ClaimsDB. What should you recommend using for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Suggested Answer:
Box 1: A private endpoint -
Scenario: An Azure SQL database named ClaimsDB that contains a table named ClaimDetails
Requirements. ClaimsApp Deployment.
Fabrikam plans to implement an internet-accessible application named ClaimsApp that will have the following specifications:
✑ ClaimsApp will be deployed to Azure App Service instances that connect to Vnet1 and Vnet2. Users will connect to ClaimsApp by using a URL of https://claims.fabrikam.com.
✑ ClaimsApp will access data in ClaimsDB.
✑ ClaimsDB must be accessible only from Azure virtual networks.
✑ The app services permission for ClaimsApp must be assigned to ClaimsDB.

Web app private connectivity to Azure SQL Database.
Architecture:
Workflow -
1. Using Azure App Service regional VNet Integration, the web app connects to Azure through an AppSvcSubnet delegated subnet in an Azure Virtual Network.
2. In this example, the Virtual Network only routes traffic and is otherwise empty, but other subnets and workloads could also run in the Virtual Network.
3. The App Service and Private Link subnets could be in separate peered Virtual Networks, for example as part of a hub-and-spoke network configuration.
4. Azure Private Link sets up a private endpoint for the Azure SQL Database in the PrivateLinkSubnet of the Virtual Network.
5. The web app connects to the SQL Database private endpoint through the PrivateLinkSubnet of the Virtual Network. The database firewall allows only traffic coming from the PrivateLinkSubnet to connect, making the database inaccessible from the public internet.

Box 2: A managed identity -
Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory. Using a managed identity, you can authenticate to any service that supports Azure AD authentication without managing credentials.

Reference:
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/private-web-app/private-web-app
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-status

This question is in the SC-100 exam for the Microsoft Cybersecurity Architect Expert certificate.

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Microsoft. The website does not contain actual questions and answers from Microsoft's Certification Exams. Trademarks, certification & product names are used for reference only and belong to Microsoft.