AZ-500 Question #158: Real Exam Question with Answer & Explanation

Question

SIMULATION You need to configure a Microsoft SQL server named Web11597200 only to accept connections from the Subnet0 subnet on the VNET01 virtual network. To complete this task, sign in to the Azure portal. Answer: You need to allow access to Azure services and configure a virtual network rule for the SQL Server. 1. In the Azure portal, type SQL Server in the search box, select SQL Server from the search results then select the server named web11597200. Alternatively, browse to SQL Server in the left navigation pane. 2. In the properties of the SQL Server, click Firewalls and virtual networks. 3. In the Virtual networks section, click on Add existing. This will open the Create/Update virtual network rule window. 4. Give the rule a name such as Allow_VNET01-Subnet0 (it doesn't matter what name you enter for the exam). 5. In the Virtual network box, select VNET01. 6. In the Subnet name box, select Subnet0. 7. Click the OK button to save the rule. 8. Back in the Firewall / Virtual Networks window, set the Allow access to Azure services option to On.

Options

• taskConfigure a Microsoft SQL server named Web11597200 only to accept connections from the Subnet0 subnet on the VNET01 virtual network.
• prerequisitesAzure portal access

Explanation

The correct approach navigates to the SQL Server's Firewall and Virtual Networks settings and adds a virtual network rule scoped specifically to Subnet0 within VNET01, which restricts inbound connections to only that subnet. This leverages Azure's service endpoint integration, ensuring traffic from Subnet0 is permitted while all other sources (including other subnets and public IPs) are implicitly denied. Using 'Add existing' allows selection of a pre-existing virtual network and subnet rather than creating a new one, which matches the scenario's requirement.

No community discussion yet for this question.