Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 2 question 11 discussion

Actual exam question from Microsoft's AZ-305
Question #: 11
Topic #: 2
[All AZ-305 Questions]

HOTSPOT -
You have an Azure subscription that contains the SQL servers on Azure shown in the following table.

The subscription contains the storage accounts shown in the following table.

You create the Azure SQL databases shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Yes -
Auditing works fine for a Standard account.

Box 2: No -
Auditing limitations: Premium storage is currently not supported.

Box 3: No -
Auditing limitations: Premium storage is currently not supported.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview#auditing-limitations

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
jkklim
Highly Voted 2 years, 9 months ago
YNN CONCEPT TO REMEMBER 1. TO WRITE INTO STORAGE, MUST BE IN SAME REGION 2. TO WIRTE IN LOG ANALYTICS SPACE - CAN BE IN DIFFERENT REGION SINCE WE ARE USING CONCEPT 1, CAN ONLY WRITE INTO SAME REGION IT HAS NOTHING TO DO WITH PRICING TIER
upvoted 180 times
ValB
3 weeks, 6 days ago
The databases can be in any region because resource groups can contain resources from different regions. There is nothing here specifying in which regions are the databases. Therefore I believe that invoking the region as argument is wrong.
upvoted 1 times
...
Rayane
1 year, 10 months ago
Why are you writing in capital, LOL ?
upvoted 23 times
nigw
1 year, 10 months ago
because it's SQL :)
upvoted 88 times
annabelbm
1 year, 10 months ago
According to MS documentation: If you are deploying from the Azure portal, be sure that the storage account is in the same region as your database and server. If you are deploying through other methods, the storage account can be in any region.
upvoted 6 times
sugarbubbles
7 months, 1 week ago
So are you implying that it should be YYY?
upvoted 1 times
...
...
...
...
olympe
1 year, 3 months ago
it's wrong,this has nothing to do with regions.!!!!!!!!
upvoted 3 times
SDiwan
9 months, 1 week ago
you are wrong. For auditing, storage account needs to be in same region as db. I have tested just now in lab. It won't show any storage acocunts in other regions while configuring auditing.
upvoted 4 times
Paputzback
3 weeks ago
I did the same thing. I created 2 LRS storage accounts. One in the EastUS, the other in Central US. I created a SQL database in WestUS. Then from Security > Auditing I enabled auditing and neither storage account appeared. So the region of the storage is definitely key.
upvoted 1 times
...
ValB
3 weeks, 6 days ago
But we don't know in which regions the databases are, because resource groups can contain resources from different regions.
upvoted 1 times
davidpetersiani
3 days, 14 hours ago
We know exactly where are the databases... Databases are created on a SQLsrv and we know the location of the SQL servers
upvoted 1 times
...
...
...
...
...
default_wizard
Highly Voted 2 years, 11 months ago
answer sould be Yes, No, No Auditing limitations Premium storage is currently not supported. https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
upvoted 67 times
Shadow983
2 years, 11 months ago
I saw this in document, but I am not sure that is mean sql database or storage account.
upvoted 4 times
Shadow983
2 years, 11 months ago
BTW, the region is not the same. Y, N, N should be correct.
upvoted 15 times
makkros
2 years, 8 months ago
Who said that? Storage have indicated the Resource group only not the region
upvoted 1 times
epomatti
2 years, 5 months ago
Makkros yes it DOES indicate the location.
upvoted 2 times
...
...
...
...
Eltooth
2 years, 11 months ago
https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview#auditing-limitations
upvoted 5 times
...
sonoksmy
2 years, 1 month ago
Storage 2 can be standard BlobStorage, therefore this explanation is not correct
upvoted 3 times
...
...
SeMo0o0o0o
Most Recent 1 week, 5 days ago
CORRECT (they must be in the same region)
upvoted 1 times
...
enigma65
3 weeks, 2 days ago
Box 1: Yes Be sure that the destination is in the same region as your database and server. Box 2: No Since the regions are not the same. Box 3: Yes Blob Storage is always standard but SQL database premium supports audit logs.
upvoted 1 times
...
ValB
3 weeks, 6 days ago
Sql server auditing when the storage account is is behind a virtual network or firewall can only use storage accounts only of type general purpose v2 or premium storage with BlockBlobStorage, but not general purpose v1 and neither Blob Storage account. The databases can be actually in any regions because resource groups can contain resources from different regions.
upvoted 1 times
...
Thanveer
1 month, 1 week ago
Yes No No
upvoted 1 times
...
KarimaMaf
3 months ago
If you are deploying from the Azure portal, make sure that the storage account is in the same region as your database and server. If you are deploying through other methods, the storage account can be in any region. https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-setup?view=azuresql
upvoted 1 times
...
23169fd
5 months ago
it should be Y Y Y Key Points from Azure Documentation: Region: Audit logs can be stored in any region within the same subscription. Pricing Tier: Pricing tiers (Standard, Premium) do not restrict auditing capabilities. Account Kind: Audit logs can be stored in both general-purpose v2 (StorageV2) and BlobStorage accounts.
upvoted 1 times
cosmicT73
2 months, 2 weeks ago
as per microsoft ,: Premium storage with BlockBlobStorage is supported. Standard storage is supported. However, for audit to write to a storage account behind a VNet or firewall, you must have a general-purpose v2 storage account. If you have a general-purpose v1 or Blob Storage account, upgrade to a general-purpose v2 storage account.
upvoted 2 times
_punky_
1 month ago
https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql#remarks Reference: Premium storage with BlockBlobStorage is supported. Standard storage is supported. However, for audit to write to a storage account behind a virtual network or firewall, you must have a general-purpose v2 storage account. If you have a general-purpose v1 or Blob Storage account, upgrade to a general-purpose v2 storage account. For specific instructions see, Write audit to a storage account behind VNet and firewall. For more information, see Types of storage accounts. Conclusion: As you know to deploy storage account you need to create a Vnet in RG the same rule applies for the SQLDBs. So YNY: Storage1 is in RG1 where SQL1 is in RG1 both are in the same Vnet(implicitly). Storage2 is in different RG2 than SQLDB2 Storage3 would work with SQLDB3 but there is problem that storage account is in different region than RG and DB3 so that means(implicitly) you have to have 2 Vnets, the problem is that Central US is not paired with West US region and therefore they cannot be - N
upvoted 2 times
_punky_
1 month ago
YNN - Correction The key factors for determining if audit logs can be stored in a particular storage account are the region and resource group, not the pricing tier of the database.
upvoted 1 times
...
...
...
...
RickySmith
6 months, 3 weeks ago
YYY https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-setup?view=azuresql#audit-to-storage-destination It has nothing to do with the pricing tier of the SQL server or the stoprage. It does depend on what is being used to configure the auditing. If you try to configure via Azure Portal, then it needs to be same region. If you are trying to configure via CLI, then it can be any region.
upvoted 1 times
Lazylinux
6 months, 3 weeks ago
U Must have been talking to Bill Gates!! Ans YNN
upvoted 2 times
...
...
Markoduk
8 months, 1 week ago
Yes No No 1. is a given 2. https://learn.microsoft.com/en-us/azure/azure-sql/database/audit-write-storage-account-behind-vnet-firewall?view=azuresql#prerequisites The storage account must be on the same tenant and at the same location as the logical SQL server (it's OK to be on different subscriptions). 3. BlockBlobStorage in not mentioned!? (Blob Storage) https://learn.microsoft.com/en-us/azure/azure-sql/database/audit-write-storage-account-behind-vnet-firewall?view=azuresql#prerequisites The premium storage with BlockBlobStorage is supported
upvoted 1 times
...
SDiwan
9 months, 1 week ago
Test in Lab. Answer is indeed Y,N,N. Reason: While configuring auditing for azure sql db, azure portal only will show storage accounts which are in same region. Both standard and premium storage accounts can be used but they need to be in same region as db.
upvoted 2 times
...
JimmyYop
10 months, 1 week ago
appeared in Exam 01/2024
upvoted 6 times
...
cesco1286
11 months, 2 weeks ago
Y, N, N should be the correct response now. as of december 2023, Premium storage is supported for SQL Auditing - but you can't write to a different region (just try it in the portal, see if storages in different regions pop up ;)
upvoted 3 times
...
nav109
1 year ago
Got this on Nov. 17, 2023
upvoted 5 times
...
ncseffai
1 year, 1 month ago
I tried. MY SQL server is in West Europe. I created a Standard V2 storage account in North Europe. When I try to configure the auditing the storage account does not show up in the dropdown. A standard v2 storage account in west Europe is in the list however.
upvoted 2 times
...
Learningcurve101
1 year, 2 months ago
yes no no. blobstorage is unsupported. blockblobstorage is supported..
upvoted 2 times
...
xurxosan
1 year, 2 months ago
YYY https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview#auditing-limitations Premium storage with BlockBlobStorage is supported. Standard storage is supported. However, for audit to write to a storage account behind a VNet or firewall, you must have a general-purpose v2 storage account. If you have a general-purpose v1 or Blob Storage account, upgrade to a general-purpose v2 storage account. For specific instructions see, Write audit to a storage account behind VNet and firewall. For more information, see Types of storage accounts.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...