exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 4 question 111 discussion

Actual exam question from Microsoft's AZ-305
Question #: 111
Topic #: 4
[All AZ-305 Questions]

HOTSPOT
-

You have an Azure App Service web app named Webapp1 that connects to an Azure SQL database named DB1. Webapp1 and DB1 are deployed to the East US Azure region.

You need to ensure that all the traffic between Webapp1 and DB1 is sent via a private connection.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
OrangeSG
Highly Voted 1 year, 1 month ago
Box 1: 2 subnets Create a virtual network that contains at least 2 subnets. One for the Azure App Service VNet Integration and another for the Azure Private Link. Box 2: a private DNS zone Configure name resolution to use a private DNS zone. This is necessary for the web app to work with Azure DNS private zones.
upvoted 25 times
kodathedog
1 year, 1 month ago
Private Endpoints do not require their own subnet - see https://learn.microsoft.com/en-us/azure/private-link/private-link-faq : "Do I require a dedicated subnet for Private Endpoints? No. You don't require a dedicated subnet for Private Endpoints. You can choose a Private Endpoint IP from any subnet from the VNet where your service is deployed."
upvoted 7 times
fodocel235
1 year ago
You are correct that Private Endpoint does NOT require a dedicated subnet, but when you use Web Apps inside a VNet, then delegation (integration) comes into place. If the subnet of the Web App has a delegation (Microsoft.Web/serverFarms) nothing can be created in that subnet besides the "Microsoft.Web/serverFarms". So it is NOT possible to create Private Endpoint in a delegated subnet. So in this case you need a VNet. In that VNet you create a subnet for Web Apps with delegation. You need another subnet for the Private Endpoint to connect to the SQL database. Answer: 2 subnets (1x Private Endpoint; 1x Web Apps) A private DNS zone
upvoted 23 times
...
...
...
SeMo0o0o0o
Most Recent 3 weeks ago
WRONG 2 Subnets A private DNS zone
upvoted 1 times
...
Lazylinux
7 months, 2 weeks ago
2 Subnets - vNET integration + Private EP (Note subnet is not dedicated to EP and can be other subnet but not Integration subnet hence another subnet must be provisioned), Private EP require private DNS in this scenario
upvoted 3 times
...
cris_exam
8 months, 1 week ago
Box1: 2 VNETs Box2: Private DNS zone I have been working with PE/PLs for the past 3 years, so MS tells us that PEs don't go along with delegated subnets as in this case with the webapp and the SQL PE. Any Subnet that has been delegated (as in webapp VNET integration), doesn't support to have a PE inside it. https://learn.microsoft.com/en-us/azure/virtual-network/subnet-delegation-overview#effect-of-subnet-delegation-on-your-subnet "Each Azure service defines their own deployment model, where they can define what properties they do or don't support in a delegated subnet for injection purposes as follows: Can't be used with a private endpoint if the subnet is delegated."
upvoted 2 times
cris_exam
8 months, 1 week ago
sorry = correction Box1: 2 Subnets
upvoted 2 times
go4adil
7 months, 2 weeks ago
Correct. Box1: 2 Subnets "Virtual network integration depends on a dedicated subnet." https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration
upvoted 1 times
...
...
...
kodjoa2024
8 months, 2 weeks ago
Azure App Service VNet Integration required dedicated subnet and we need second subnet for IP address of Private Link.
upvoted 1 times
...
cesco1286
12 months ago
People that respond in here never used Azure. You need Virtual network integration for a Web App to talk with a service inside a Vnet. And you need a different subnet for the SQL Private endpoint. So you need at the very least 2 subnets to have this working
upvoted 4 times
...
kodathedog
1 year ago
This is a nasty question. 1 subnet would be sufficient if the App only needs inbound traffic, because Private Endpoints only support Inbound traffic - "Private endpoint is only used for incoming traffic to your app. Outgoing traffic won't use this private endpoint. You can inject outgoing traffic to your network in a different subnet through the virtual network integration feature." - https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint So you need Virtual Network Integration as well as a private endpoint for the app, to enable the app to talk to the database. For example, see https://gregorsuttie.com/2023/01/16/azure-web-app-using-azure-sql-using-private-endpoints/
upvoted 3 times
a03
1 year ago
in this example are 2 subnets webappsSubnet: 10.1.2.0.24 sqlSubnet: 10.1.1.0/24
upvoted 4 times
...
...
JazzyStahh
1 year, 1 month ago
2 subnets. one for the DB and one for the app service. https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration#subnet-requirements
upvoted 2 times
...
randy0077
1 year, 1 month ago
given answer is correct.
upvoted 1 times
...
pabsinaz
1 year, 1 month ago
Correct answer. 1 subnet and Private DNS zone.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...