ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 4 question 111 discussion

Actual exam question from Microsoft's AZ-305
Question #: 111
Topic #: 4
[All AZ-305 Questions]

HOTSPOT
-

You have an Azure App Service web app named Webapp1 that connects to an Azure SQL database named DB1. Webapp1 and DB1 are deployed to the East US Azure region.

You need to ensure that all the traffic between Webapp1 and DB1 is sent via a private connection.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by pabsinaz at Oct. 17, 2023, 11:08 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
OrangeSG
Highly Voted 1 year, 5 months ago
Box 1: 2 subnets Create a virtual network that contains at least 2 subnets. One for the Azure App Service VNet Integration and another for the Azure Private Link. Box 2: a private DNS zone Configure name resolution to use a private DNS zone. This is necessary for the web app to work with Azure DNS private zones.
upvoted 28 times
kodathedog
1 year, 5 months ago
Private Endpoints do not require their own subnet - see https://learn.microsoft.com/en-us/azure/private-link/private-link-faq : "Do I require a dedicated subnet for Private Endpoints? No. You don't require a dedicated subnet for Private Endpoints. You can choose a Private Endpoint IP from any subnet from the VNet where your service is deployed."
upvoted 7 times
fodocel235
1 year, 4 months ago
You are correct that Private Endpoint does NOT require a dedicated subnet, but when you use Web Apps inside a VNet, then delegation (integration) comes into place. If the subnet of the Web App has a delegation (Microsoft.Web/serverFarms) nothing can be created in that subnet besides the "Microsoft.Web/serverFarms". So it is NOT possible to create Private Endpoint in a delegated subnet. So in this case you need a VNet. In that VNet you create a subnet for Web Apps with delegation. You need another subnet for the Private Endpoint to connect to the SQL database. Answer: 2 subnets (1x Private Endpoint; 1x Web Apps) A private DNS zone
upvoted 28 times
...
...
...
cesco1286
Highly Voted 1 year, 4 months ago
People that respond in here never used Azure. You need Virtual network integration for a Web App to talk with a service inside a Vnet. And you need a different subnet for the SQL Private endpoint. So you need at the very least 2 subnets to have this working
upvoted 7 times
...
junkz
Most Recent 2 months, 2 weeks ago
i would argue that second box is azure private dns resolver. yes, you do need a private dns zone to integrate the SQL PE, however thw question is what do you need to configure on VNET level. so on vnet, the dns servers has two options: azure-provided and custom. on custom, you can only add IPs. private DNS zones are FQDN based. so, my take is that NOTHING should be changed at VNET level (and leave the default zure private dns resolver. in place), as long as the private DNS zone is linked to the VNET already
upvoted 2 times
...
[Removed]
5 months, 1 week ago
WRONG 2 Subnets A private DNS zone
upvoted 2 times
...
Lazylinux
1 year ago
2 Subnets - vNET integration + Private EP (Note subnet is not dedicated to EP and can be other subnet but not Integration subnet hence another subnet must be provisioned), Private EP require private DNS in this scenario
upvoted 3 times
...
cris_exam
1 year ago
Box1: 2 VNETs Box2: Private DNS zone I have been working with PE/PLs for the past 3 years, so MS tells us that PEs don't go along with delegated subnets as in this case with the webapp and the SQL PE. Any Subnet that has been delegated (as in webapp VNET integration), doesn't support to have a PE inside it. https://learn.microsoft.com/en-us/azure/virtual-network/subnet-delegation-overview#effect-of-subnet-delegation-on-your-subnet "Each Azure service defines their own deployment model, where they can define what properties they do or don't support in a delegated subnet for injection purposes as follows: Can't be used with a private endpoint if the subnet is delegated."
upvoted 2 times
cris_exam
1 year ago
sorry = correction Box1: 2 Subnets
upvoted 2 times
go4adil
1 year ago
Correct. Box1: 2 Subnets "Virtual network integration depends on a dedicated subnet." https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration
upvoted 1 times
...
...
...
kodjoa2024
1 year, 1 month ago
Azure App Service VNet Integration required dedicated subnet and we need second subnet for IP address of Private Link.
upvoted 1 times
...
kodathedog
1 year, 5 months ago
This is a nasty question. 1 subnet would be sufficient if the App only needs inbound traffic, because Private Endpoints only support Inbound traffic - "Private endpoint is only used for incoming traffic to your app. Outgoing traffic won't use this private endpoint. You can inject outgoing traffic to your network in a different subnet through the virtual network integration feature." - https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint So you need Virtual Network Integration as well as a private endpoint for the app, to enable the app to talk to the database. For example, see https://gregorsuttie.com/2023/01/16/azure-web-app-using-azure-sql-using-private-endpoints/
upvoted 3 times
a03
1 year, 5 months ago
in this example are 2 subnets webappsSubnet: 10.1.2.0.24 sqlSubnet: 10.1.1.0/24
upvoted 4 times
...
...
JazzyStahh
1 year, 5 months ago
2 subnets. one for the DB and one for the app service. https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration#subnet-requirements
upvoted 2 times
...
randy0077
1 year, 5 months ago
given answer is correct.
upvoted 1 times
...
pabsinaz
1 year, 6 months ago
Correct answer. 1 subnet and Private DNS zone.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago