
Explanation:
To restrict access to the analytical data store so that only users from the Litware on-premises network can access it, the optimal solution is a server-level firewall IP rule.
Server-Level Firewall IP Rule provides comprehensive protection at the server level, meaning all databases and resources managed by that server inherit the same access restrictions. This approach:
Option A (Server-level virtual network rule): This requires Azure Virtual Network integration, which contradicts the scenario since Litware explicitly states they don't plan to implement VPN or ExpressRoute connectivity between on-premises and Azure.
Option B (Database-level virtual network rule): Similar to Option A, this requires virtual network connectivity that isn't planned, and it only protects individual databases rather than the entire server.
Option D (Database-level firewall IP rule): While this follows the principle of least privilege, it's insufficient because:
The scenario emphasizes preventing external access entirely, which makes server-level protection more appropriate than database-level granularity. Since there's no virtual network connectivity planned, IP-based firewall rules at the server level provide the most effective and comprehensive security solution.
What should you recommend to restrict access to the analytical data store so that only users connected from the Litware on-premises network can access it?
A. a server-level virtual network rule
B. a database-level virtual network rule
C. a server-level firewall IP rule
D. a database-level firewall IP rule