Microsoft Cybersecurity Architect Expert SC-100


Fabrikam plans to implement an internet-accessible application named ClaimsApp with specific requirements related to its deployment and database access. ClaimsApp will be deployed on Azure App Service instances that will connect to Vnet1 and Vnet2, and users will access the application via a URL (https://claims.fabrikam.com). In addition, ClaimsApp will need to access data stored in ClaimsDB. Critical requirements include that ClaimsDB must only be accessible from Azure virtual networks, and appropriate app service permissions need to be assigned to ClaimsApp for accessing ClaimsDB. Given these specifications, what solutions would you recommend to meet the requirements for connections to ClaimsDB?




Explanation:

To meet the requirements for connections to ClaimsDB, use a private endpoint and a managed identity. A private endpoint ensures that ClaimsDB is accessible only from Azure virtual networks, because it gives the Azure SQL Database a private IP address within a specific virtual network. This makes the database inaccessible from the public internet. A managed identity provides Azure services with an automatically managed identity in Azure Active Directory. ClaimsApp can use it to authenticate to ClaimsDB without managing credentials, and the permissions required for ClaimsDB access are assigned to that identity.