I think it should be: C. DirectQuery that uses a database credential
If you used the credentials of the user (D) then all users would need to be created in the database.
If the end users in AD have been given access to the database, then it won't be necessary to create them again in DirectQuery, I think. "After you publish an Azure SQL DirectQuery dataset to the service, you can enable single sign-on (SSO) using Azure Active Directory (Azure AD) OAuth2 for your end users."
When the SSO option is enabled and your users access reports built atop the data source, Power BI sends their authenticated Azure AD credentials in the queries to the Azure SQL database or data warehouse. This option enables Power BI to respect the security settings that are configured at the data source level.
The requirements are:
- Litware plans to leverage data from an Azure SQL database (not an on-premise SQL Server)
- Litware uses Azure Active Directory (Azure AD) to authenticate users (not through gateway)
- The maximum allowed latency to include transactions in reports is five minutes (not import and schedule refresh)
So the answer is D. DirectQuery that uses the end-user's credentials
We will also give the AD group that represents the whole company the read access to the database so all users can run direct queries on the database.
Sorry I was wrong. After I reviewed my own responses, I think the answer is
C. DirectQuery that uses a database credential
A gateway should be implemented with DirectQuery and users should not be given read access to the database directly. This is to ensure that RLS in Power BI is warranted. If users are given direct read access to the database, they can easily bypass the RLS in Power BI.
Now, you get the point. You cannot grant users direct access to the database.
It is an abomination in database security. A user could delete the entire database mistakenly or intentionally. :)
The correct answer is: D. DirectQuery that uses the end-user's credentials.
Here’s the reasoning:
Low-Latency Requirement: Since the maximum allowed latency for the reports is five minutes, you need to ensure near real-time access to the data. This is best achieved with DirectQuery, as it queries the database live rather than relying on cached or imported data.
Azure SQL Database with Azure AD Authentication: The company uses Azure Active Directory (Azure AD) for authentication. Using the end-user's credentials ensures that row-level security (RLS) can be enforced at the database level, restricting data access to only what the authenticated user is permitted to see.
Alignment with Reporting Requirements: The reporting requirements involve personalized data visibility, such as sales managers seeing only their region’s data. Using the end-user’s credentials ensures these data security needs are met.
Why not C:
Using a shared database credential does not enforce row-level security (RLS) at the database level, meaning all users would see the same data, which violates the requirement for sales managers to see only their respective regions.
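As an added illustration that is not part of any comment in this thread, the T-SQL below shows what database-level RLS keys on in the two DirectQuery options being debated. The schema, tables and principals are hypothetical, and the `WITHOUT LOGIN` users are stand-ins for Azure AD users (`CREATE USER ... FROM EXTERNAL PROVIDER`) so the script runs on any SQL Server or Azure SQL database.

```sql
-- Added example: hypothetical schema, tables and principals (not from the case study).
CREATE SCHEMA Security;
GO
CREATE TABLE dbo.Sales (
    SaleId int IDENTITY PRIMARY KEY,
    Region nvarchar(50) NOT NULL,
    Amount decimal(18,2) NOT NULL
);
CREATE TABLE Security.RegionManager (       -- which principal may read which region
    PrincipalName sysname NOT NULL,
    Region nvarchar(50) NOT NULL,
    PRIMARY KEY (PrincipalName, Region)
);
INSERT INTO dbo.Sales (Region, Amount) VALUES (N'West', 100), (N'East', 250);
GO
-- Stand-ins for an Azure AD end user and for a shared "database credential".
CREATE USER [west.manager@litware.example] WITHOUT LOGIN;
CREATE USER [pbi_service] WITHOUT LOGIN;
GRANT SELECT ON dbo.Sales TO [west.manager@litware.example], [pbi_service];
INSERT INTO Security.RegionManager (PrincipalName, Region)
VALUES (N'west.manager@litware.example', N'West');
GO
-- Predicate: a row is visible only if the connected principal is mapped to its region.
CREATE FUNCTION Security.fn_RegionPredicate (@Region AS nvarchar(50))
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    FROM Security.RegionManager AS m
    WHERE m.Region = @Region
      AND m.PrincipalName = USER_NAME();
GO
CREATE SECURITY POLICY Security.SalesRegionPolicy
    ADD FILTER PREDICATE Security.fn_RegionPredicate(Region) ON dbo.Sales
    WITH (STATE = ON);
GO
-- Option D (SSO): the end user's own identity reaches the predicate.
EXECUTE AS USER = 'west.manager@litware.example';
SELECT USER_NAME() AS ConnectedAs, Region, Amount FROM dbo.Sales;
REVERT;
-- Option C (shared credential): every report viewer arrives as the same principal,
-- so the predicate cannot tell viewers apart.
EXECUTE AS USER = 'pbi_service';
SELECT USER_NAME() AS ConnectedAs, Region, Amount FROM dbo.Sales;
REVERT;
```

With a shared credential, any per-user filtering has to be done in the Power BI model rather than by the database, because the database only ever sees the one service principal.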
"maximum allowed latency..... is five minutes" requires the DirectQuery storage mode in our data model, so Options C or D.
It's assumed not all end-users (in fact it's expected not too many of them, if any) would have access to the database, therefore the connection must be set using database credentials.
Selected Answer: D
DirectQuery provides real-time data access, and using the end-user's credentials ensures that each user sees data they are permitted to see according to their permissions in Azure Active Directory. This aligns with the security requirements of allowing sales managers to see only their respective region's data and other role-specific data views.
db credentials (sql server groups) make use of AD groups, never individual users; Maybe if your company has some 10 resources but in big businesses (like at least 1.000 resources) it would be a nightmare to manage.
A case where you might want to use DB credentials is when you use impersonation on sql server side (aka : technical user ID)
C should be correct.
Link: https://learn.microsoft.com/en-us/power-bi/connect-data/desktop-directquery-about
Quote: "Alternate credentials aren't supported when making DirectQuery connections to SQL Server from Power BI Desktop. You can use your current Windows credentials or database credentials."
As given in the description, you can enable single sign-on (SSO) using Azure Active Directory (Azure AD) OAuth2 for your end users. Azure AD authentication is a mechanism to connect to your SQL resource by using identities in Azure AD. With Azure AD authentication, you can centrally manage the identities of database users and other Microsoft services in one central location. Central ID management provides a single place to manage database users and simplifies permission management.
It is definitely weird to say they use Azure SQL, and then say it's Microsoft SQL Server, which certainly sounds like on-premises (or a VM, which they don't mention).
So I would have to go with D if it's Azure, C if it's on-premises.
The maximum allowed latency to include transactions in reports is five minutes.
Question
You need to get data from the Microsoft SQL Server tables.
What should you use to configure the connection?
A. Import that uses a Microsoft account
B. Import that uses a database credential
C. DirectQuery that uses a database credential
D. DirectQuery that uses the end-user's credentials
Sorry
Option C. DirectQuery that uses a database credential, is the best choice to configure the connection as the maximum allowed latency is five minutes, which is a relatively short time frame.
DirectQuery mode in Power BI allows queries to be sent directly to the data source, without importing the data into Power BI. This way, the report data stays up-to-date with the source data, and the maximum latency of five minutes can be easily achieved.
Using a database credential to connect to the SQL Server tables ensures secure access to the database. This also helps to meet the authentication requirements for Azure AD.
Option D, DirectQuery that uses the end-user's credentials, is not recommended as it can create security vulnerabilities, and it may not meet the requirements for Azure AD authentication.