Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Microsoft
  3. DP-300

Microsoft DP-300 Exam (page: 10)
Microsoft Administering Azure SQL Solutions
Updated on: 15-Dec-2025

Viewing Page 10 of 54
DP-300 PDF 430 Questions

HOTSPOT (Drag and Drop is not supported)

You have two Azure SQL databases named SQLDB1 and SQLDB2 in the Hyperscale service tier. SQLDB1 was set to the Hyperscale service tier when the database was created. SQLDB2 was changed from the Business Critical service tier to the Hyperscale service tier during the last 14 days.

You need to change SQLDB1 and SQLDB2 to the Business Critical service tier. The solution must minimize the administrative effort.

What should you do first? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:





Box 1: Export the data
On SQLDB1

For databases that don't qualify for reverse migration [See Limitations for reverse migration below], the only way to migrate from Hyperscale to a non-Hyperscale service tier is to export/import using a bacpac file or other data movement technologies (Bulk Copy, Azure Data Factory, Azure Databricks, SSIS, etc.)

Box 2: Set the Service tier to General Purpose.
On SQLDB2

Reverse migrate a database from Hyperscale
You can migrate an existing Hyperscale database in Azure SQL Database to the General Purpose service tier using the Azure portal, the Azure CLI, PowerShell, or Transact-SQL.

Reverse migration to the General Purpose service tier allows customers who have recently converted an existing database in Azure SQL Database to Hyperscale to move back in an emergency, should Hyperscale not meet their needs.
While reverse migration is initiated by a service tier change, it's essentially a size-of-data move between different architectures.

Limitations for reverse migration
Reverse migration is available under the following conditions:

*-> Reverse migration is only available within 45 days of the original migration to Hyperscale. *-> Databases originally created in the Hyperscale service tier aren't eligible for reverse migration.
* Etc.


Reference:

https://learn.microsoft.com/en-us/azure/azure-sql/database/reverse-migrate-from-hyperscale



You have five on-premises servers that have Microsoft SQL Server 2022 Enterprise installed. Each server contains multiple database that store data for web apps and are backed up by using a third-party backup solution.

You plan to migrate the databases to Azure.

You need to recommend a solution to host the databases. The solution must meet the following requirements:

Compute and storage resources must be shared across the databases.

Costs must be minimized.

What should you include in the recommendation?

  1. Azure SQL Managed Instance
  2. Azure SQL Database
  3. an Azure SQL Database elastic pool
  4. SQL Server on Azure Virtual Machines

Answer(s): D

Explanation:

Migration overview: SQL Server to Azure SQL Database
SQL Server VM alternative
Your business might have requirements that make SQL Server on Azure Virtual Machines a more suitable target than Azure SQL Database.
If one of the following conditions applies to your business, consider moving to a SQL Server virtual machine (VM) instead:
*-> You require direct access to the operating system or file system, such as to install third-party or custom agents on the same virtual machine with SQL Server.
* You have strict dependency on features that are still not supported, such as FileStream/FileTable, PolyBase, and cross-instance transactions.
* You need to stay at a specific version of SQL Server (2012, for example).
* Your compute requirements are much lower than a managed instance offers (one vCore, for example), and database consolidation isn't an acceptable option.


Reference:

https://learn.microsoft.com/en-us/data-migration/sql-server/database/overview




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.
When you are ready to answer a question, click the Question button to return to the question.

Overview
ADatum Corporation is a financial services company that has a main office in New York City.
Existing Environment. Licensing Agreement
ADatum has a Microsoft Volume Licensing agreement that includes Software Assurance.
Existing Environment. Network Infrastructure
ADatum has an on-premises datacenter and an Azure subscription named Sub1.
Sub1 contains a virtual network named Network1 in the East US Azure region.
The datacenter is connected to Network1 by using a Site-to-Site (S2S) VPN.
Existing Environment. Identity Environment
The on-premises network contains an Active Directory Domain Services (AD DS) forest.
The forest contains a single domain named corp.adatum.com.
The corp.adatum.com domain syncs with a Microsoft Entra tenant named adatum.com.
Existing Environment. Database Environment
The datacenter contains the servers shown in the following table.



DB1 and DB2 are used for transactional and analytical workloads by an application named App1.
App1 runs on Microsoft Entra hybrid joined servers that run Windows Server 2022. App1 uses Kerberos authentication.
DB3 stores compliance data used by two applications named App2 and App3.
DB3 performance is monitored by using Extended Events sessions, with the event_file target set to a file share on a local disk of SVR3.
Resource allocation for DB3 is managed by using Resource Governor.
Requirements. Planned Changes
ADatum plans to implement the following changes:
Deploy an Azure SQL managed instance named Instance1 to Network1.

Migrate DB1 and DB2 to Instance1.

Migrate DB3 to Azure SQL Database.

Following the migration of DB1 and DB2, hand over database development to remote developers who use

Microsoft Entra joined Windows 11 devices.
Following the migration of DB3, configure the database to be part of an auto-failover group.

Requirements. Availability Requirements
ADatum identifies the following post-migration availability requirements:
For DB1 and DB2, offload analytical workloads to a read-only database replica in the same Azure region.

Ensure that if a regional disaster occurs, DB1 and DB2 can be recovered from backups.

After the migration, App1 must maintain access to DB1 and DB2.

For DB3, manage potential performance issues caused by resource demand changes by App2 and App3.

Ensure that DB3 will still be accessible following a planned failover.

Ensure that DB3 can be restored if the logical server is deleted.

Minimize downtime during the migration of DB1 and DB2.

Requirements. Security Requirements
ADatum identifies the following security requirements for after the migration:
Ensure that only designated developers who use Microsoft Entra joined Windows 11 devices can access

DB1 and DB2 remotely.
Ensure that all changes to DB3, including ones within individual transactions, are audited and recorded.

Requirements. Management Requirements
ADatum identifies the following post-migration management requirements:

Continue using Extended Events to monitor DB3.

In Azure SQL Database, automate the management of DB3 by using elastic jobs that have database-scoped credentials.
Requirements. Business Requirements
ADatum identifies the following business requirements:
Minimize costs whenever possible, without affecting other requirements.

Minimize administrative effort.

You need to recommend a process to automate the management of DB3. The solution must meet the management requirements.

What should be the first step of the process?

  1. Configure Microsoft Entra authentication for the logical server that hosts DB3.
  2. Configure a private endpoint for connectivity to DB3.
  3. Create database-scoped credentials in DB3.
  4. Create a database that has database-scoped credentials.

Answer(s): C

Explanation:

Use database-scoped credentials
You can use a database-scoped credential in the job database and in each target server/database for authentication. In the past, database-scoped credentials were the only option available with elastic jobs.
Scenario: . Management Requirements
ADatum identifies the following post-migration management requirements:
In Azure SQL Database, automate the management of DB3 by using elastic jobs that have database-scoped credentials.


Reference:

https://learn.microsoft.com/en-us/azure/azure-sql/database/elastic-jobs-tutorial




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.
When you are ready to answer a question, click the Question button to return to the question.

Overview
ADatum Corporation is a financial services company that has a main office in New York City.
Existing Environment. Licensing Agreement
ADatum has a Microsoft Volume Licensing agreement that includes Software Assurance.
Existing Environment. Network Infrastructure
ADatum has an on-premises datacenter and an Azure subscription named Sub1.
Sub1 contains a virtual network named Network1 in the East US Azure region.
The datacenter is connected to Network1 by using a Site-to-Site (S2S) VPN.
Existing Environment. Identity Environment
The on-premises network contains an Active Directory Domain Services (AD DS) forest.
The forest contains a single domain named corp.adatum.com.
The corp.adatum.com domain syncs with a Microsoft Entra tenant named adatum.com.
Existing Environment. Database Environment
The datacenter contains the servers shown in the following table.



DB1 and DB2 are used for transactional and analytical workloads by an application named App1.
App1 runs on Microsoft Entra hybrid joined servers that run Windows Server 2022. App1 uses Kerberos authentication.
DB3 stores compliance data used by two applications named App2 and App3.
DB3 performance is monitored by using Extended Events sessions, with the event_file target set to a file share on a local disk of SVR3.
Resource allocation for DB3 is managed by using Resource Governor.
Requirements. Planned Changes
ADatum plans to implement the following changes:
Deploy an Azure SQL managed instance named Instance1 to Network1.

Migrate DB1 and DB2 to Instance1.

Migrate DB3 to Azure SQL Database.

Following the migration of DB1 and DB2, hand over database development to remote developers who use

Microsoft Entra joined Windows 11 devices.
Following the migration of DB3, configure the database to be part of an auto-failover group.

Requirements. Availability Requirements
ADatum identifies the following post-migration availability requirements:
For DB1 and DB2, offload analytical workloads to a read-only database replica in the same Azure region.

Ensure that if a regional disaster occurs, DB1 and DB2 can be recovered from backups.

After the migration, App1 must maintain access to DB1 and DB2.

For DB3, manage potential performance issues caused by resource demand changes by App2 and App3.

Ensure that DB3 will still be accessible following a planned failover.

Ensure that DB3 can be restored if the logical server is deleted.

Minimize downtime during the migration of DB1 and DB2.

Requirements. Security Requirements
ADatum identifies the following security requirements for after the migration:
Ensure that only designated developers who use Microsoft Entra joined Windows 11 devices can access

DB1 and DB2 remotely.
Ensure that all changes to DB3, including ones within individual transactions, are audited and recorded.

Requirements. Management Requirements
ADatum identifies the following post-migration management requirements:

Continue using Extended Events to monitor DB3.

In Azure SQL Database, automate the management of DB3 by using elastic jobs that have database-scoped credentials.
Requirements. Business Requirements
ADatum identifies the following business requirements:
Minimize costs whenever possible, without affecting other requirements.

Minimize administrative effort.

DRAG DROP (Drag and Drop is not supported)

You need to recommend an authentication solution for App1 access to DB1 and DB2 after their migration to Instance1. The solution must meet the availability requirements.

Which actions should you perform in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Note: Each correct selection is worth one point.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:






Step 2: Implement Microsoft Entra Cloud Sync
How to set up Windows Authentication for Azure SQL Managed Instance using Microsoft Entra ID and Kerberos

One-time infrastructure setup
The first step in infrastructure setup is to synchronize AD with Microsoft Entra ID, if this hasn't already been completed.

Synchronize AD with Microsoft Entra ID
Customers should first implement Microsoft Entra Connect to integrate on-premises directories with Microsoft Entra ID.

Microsoft Entra Connect is an on-premises Microsoft application that's designed to meet and accomplish your hybrid identity goals. If you're evaluating how to best meet your goals, you should also consider the cloud- managed solution Microsoft Entra Cloud Sync.

Note: There are two phases to set up Windows Authentication for Azure SQL Managed Instance using Microsoft Entra ID and Kerberos.

* One-time infrastructure setup.
- Synchronize Active Directory (AD) and Microsoft Entra ID, if this hasn't already been done.
- Etc

* Configuration of Azure SQL Managed Instance.
Create a system assigned service principal for each managed instance.

Step 3: Enable a system-assigned service principal

Scenario:
App1 runs on Microsoft Entra hybrid joined servers that run Windows Server 2022. App1 uses Kerberos authentication.

After the migration, App1 must maintain access to DB1 and DB2.

Planned Changes
Deploy an Azure SQL managed instance named Instance1 to Network1.
Migrate DB1 and DB2 to Instance1.

Incorrect:
* Grant admin consent to an app registration in Microsoft Entra When you grant tenant-wide admin consent to an application, you give the application access to the permissions requested on behalf of the whole organization. Granting admin consent on behalf of an organization is a sensitive operation, potentially allowing the application's publisher access to significant portions of your organization's data, or the permission to do highly privileged operations. Examples of such operations might be role management, full access to all mailboxes or all sites, and full user impersonation. Therefore, you need to carefully review the permissions that the application is requesting before you grant consent.


Reference:

https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/winauth-implementation-aad-kerberos https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/winauth-azuread-setup https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/whatis-azure-ad-connect




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.
When you are ready to answer a question, click the Question button to return to the question.

Overview
ADatum Corporation is a financial services company that has a main office in New York City.
Existing Environment. Licensing Agreement
ADatum has a Microsoft Volume Licensing agreement that includes Software Assurance.
Existing Environment. Network Infrastructure
ADatum has an on-premises datacenter and an Azure subscription named Sub1.
Sub1 contains a virtual network named Network1 in the East US Azure region.
The datacenter is connected to Network1 by using a Site-to-Site (S2S) VPN.
Existing Environment. Identity Environment
The on-premises network contains an Active Directory Domain Services (AD DS) forest.
The forest contains a single domain named corp.adatum.com.
The corp.adatum.com domain syncs with a Microsoft Entra tenant named adatum.com.
Existing Environment. Database Environment
The datacenter contains the servers shown in the following table.



DB1 and DB2 are used for transactional and analytical workloads by an application named App1.
App1 runs on Microsoft Entra hybrid joined servers that run Windows Server 2022. App1 uses Kerberos authentication.
DB3 stores compliance data used by two applications named App2 and App3.
DB3 performance is monitored by using Extended Events sessions, with the event_file target set to a file share on a local disk of SVR3.
Resource allocation for DB3 is managed by using Resource Governor.
Requirements. Planned Changes
ADatum plans to implement the following changes:
Deploy an Azure SQL managed instance named Instance1 to Network1.

Migrate DB1 and DB2 to Instance1.

Migrate DB3 to Azure SQL Database.

Following the migration of DB1 and DB2, hand over database development to remote developers who use

Microsoft Entra joined Windows 11 devices.
Following the migration of DB3, configure the database to be part of an auto-failover group.

Requirements. Availability Requirements
ADatum identifies the following post-migration availability requirements:
For DB1 and DB2, offload analytical workloads to a read-only database replica in the same Azure region.

Ensure that if a regional disaster occurs, DB1 and DB2 can be recovered from backups.

After the migration, App1 must maintain access to DB1 and DB2.

For DB3, manage potential performance issues caused by resource demand changes by App2 and App3.

Ensure that DB3 will still be accessible following a planned failover.

Ensure that DB3 can be restored if the logical server is deleted.

Minimize downtime during the migration of DB1 and DB2.

Requirements. Security Requirements
ADatum identifies the following security requirements for after the migration:
Ensure that only designated developers who use Microsoft Entra joined Windows 11 devices can access

DB1 and DB2 remotely.
Ensure that all changes to DB3, including ones within individual transactions, are audited and recorded.

Requirements. Management Requirements
ADatum identifies the following post-migration management requirements:

Continue using Extended Events to monitor DB3.

In Azure SQL Database, automate the management of DB3 by using elastic jobs that have database-scoped credentials.
Requirements. Business Requirements
ADatum identifies the following business requirements:
Minimize costs whenever possible, without affecting other requirements.

Minimize administrative effort.

You need to recommend a solution that will enable remote developers to access DB1 and DB2. The solution must support the planned changes and meet the security requirements.

What should you include in the recommendation?

  1. a public endpoint via a database-level firewall rule
  2. a Point-to-Site (P2S) VPN
  3. a public endpoint via a server-level firewall rule
  4. a private endpoint

Answer(s): D

Explanation:

Azure SQL Managed Instance is secured using network security rules and private endpoints.
Private endpoints
A private endpoint is an optional fixed IP address in another virtual network that conducts traffic to your SQL managed instance. One Azure SQL Managed Instance can have multiple private endpoints in multiple virtual networks. Private endpoints allow TDS traffic only to reach SQL Managed Instance on port 1433 and can't be used for integration scenarios, such as failover groups, Managed Instance link, and other similar technologies.
When connecting to a private endpoint, always use the domain name since connecting to Azure SQL Managed Instance via its IP address isn't supported yet.
Scenario:
Requirements. Planned Changes
Deploy an Azure SQL managed instance named Instance1 to Network1.
Migrate DB1 and DB2 to Instance1
Following the migration of DB1 and DB2, hand over database development to remote developers who use Microsoft Entra joined Windows 11 devices.
Requirements. Security Requirements
ADatum identifies the following security requirements for after the migration:
Ensure that only designated developers who use Microsoft Entra joined Windows 11 devices can access DB1
and DB2 remotely.


Reference:

https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connectivity-architecture-overview




Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.

When you are ready to answer a question, click the Question button to return to the question.

Overview
Litware, Inc. is a renewable energy company that has a main office in Boston. The main office hosts a sales department and the primary datacenter for the company.

Physical Locations
Litware has a manufacturing office and a research office in separate locations near Boston. Each office has its own datacenter and internet connection.

Existing Environment

Network Environment

The manufacturing and research datacenters connect to the primary datacenter by using a VPN.
The primary datacenter has an ExpressRoute connection that uses both Microsoft peering and private peering.

The private peering connects to an Azure virtual network named HubVNet.
Identity Environment
Litware has a hybrid Microsoft Entra ID deployment that uses a domain named litwareinc.com. All Azure subscriptions are associated to the litwareinc.com Microsoft Entra tenant.

Database Environment
The sales department has the following database workload:
An on-premises server named SERVER1 hosts an instance of Microsoft SQL Server 2012 and two 1-TB databases.
A logical server named SalesSrv01A contains a geo-replicated Azure SQL database named SalesSQLDb1.

SalesSQLDb1 is in an elastic pool named SalesSQLDb1Pool. SalesSQLDb1 uses database firewall rules and contained database users.
An application named SalesSQLDb1App1 uses SalesSQLDb1.

The manufacturing office contains two on-premises SQL Server 2016 servers named SERVER2 and SERVER3. The servers are nodes in the same Always On availability group. The availability group contains a database named ManufacturingSQLDb1.

Database administrators have two Azure virtual machines in HubVnet named VM1 and VM2 that run Windows Server 2019 and are used to manage all the Azure databases.

Current Problems
Litware is a Microsoft Volume Licensing customer that has License Mobility through Software Assurance.
Current Problems
SalesSQLDb1 experiences performance issues that are likely due to out-of-date statistics and frequent blocking queries.

Requirements:

Planned Changes
Litware plans to implement the following changes:
Implement 30 new databases in Azure, which will be used by time-sensitive manufacturing apps that have varying usage patterns. Each database will be approximately 20 GB.
Create a new Azure SQL database named ResearchDB1 on a logical server named ResearchSrv01.

ResearchDB1 will contain Personally Identifiable Information (PII) data.
Develop an app named ResearchApp1 that will be used by the research department to populate and access ResearchDB1.
Migrate ManufacturingSQLDb1 to the Azure virtual machine platform.

Migrate the SERVER1 databases to the Azure SQL Database platform.

Technical Requirements

Litware identifies the following technical requirements:
Maintenance tasks must be automated.

The 30 new databases must scale automatically.

The use of an on-premises infrastructure must be minimized.

Azure Hybrid Use Benefits must be leveraged for Azure SQL Database deployments.

All SQL Server and Azure SQL Database metrics related to CPU and storage usage and limits must be analyzed by using Azure built-in functionality.
Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
Store encryption keys in Azure Key Vault.

Retain backups of the PII data for two months.

Encrypt the PII data at rest, in transit, and in use.

Use the principle of least privilege whenever possible.

Authenticate database users by using Active Directory credentials.

Protect Azure SQL Database instances by using database-level firewall rules.

Ensure that all databases hosted in Azure are accessible from VM1 and VM2 over the Azure backbone network.
Business Requirements

Litware identifies the following business requirements:
Meet an SLA of 99.99% availability for all Azure deployments.

Minimize downtime during the migration of the SERVER1 databases.

Use the Azure Hybrid Use Benefits when migrating workloads to Azure.

Once all requirements are met, minimize costs whenever possible.

DRAG DROP (Drag and Drop is not supported)

You create all of the tables and views for ResearchDB1.

You need to implement security for ResearchDB1. The solution must meet the security and compliance requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:





Box 1: - Register ResearchApp1 to Microsoft Entra ID.

Box 2: Create an Azure Key Vault instance and configure an access policy. Need to configure the key vault with an access policy to enable ResearchApp1 retrieval of the keys.

Box 3: Run the Always Encrypt wizard.
Run the Always Encrypt wizard to encrypt the columns and store the encryption keys in the vault.


Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure? tabs=azure-powershell




Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.

When you are ready to answer a question, click the Question button to return to the question.

Overview
Litware, Inc. is a renewable energy company that has a main office in Boston. The main office hosts a sales department and the primary datacenter for the company.

Physical Locations
Litware has a manufacturing office and a research office in separate locations near Boston. Each office has its own datacenter and internet connection.

Existing Environment

Network Environment

The manufacturing and research datacenters connect to the primary datacenter by using a VPN.
The primary datacenter has an ExpressRoute connection that uses both Microsoft peering and private peering.

The private peering connects to an Azure virtual network named HubVNet.
Identity Environment
Litware has a hybrid Microsoft Entra ID deployment that uses a domain named litwareinc.com. All Azure subscriptions are associated to the litwareinc.com Microsoft Entra tenant.

Database Environment
The sales department has the following database workload:
An on-premises server named SERVER1 hosts an instance of Microsoft SQL Server 2012 and two 1-TB databases.
A logical server named SalesSrv01A contains a geo-replicated Azure SQL database named SalesSQLDb1.

SalesSQLDb1 is in an elastic pool named SalesSQLDb1Pool. SalesSQLDb1 uses database firewall rules and contained database users.
An application named SalesSQLDb1App1 uses SalesSQLDb1.

The manufacturing office contains two on-premises SQL Server 2016 servers named SERVER2 and SERVER3. The servers are nodes in the same Always On availability group. The availability group contains a database named ManufacturingSQLDb1.

Database administrators have two Azure virtual machines in HubVnet named VM1 and VM2 that run Windows Server 2019 and are used to manage all the Azure databases.

Current Problems
Litware is a Microsoft Volume Licensing customer that has License Mobility through Software Assurance.
Current Problems
SalesSQLDb1 experiences performance issues that are likely due to out-of-date statistics and frequent blocking queries.

Requirements:

Planned Changes
Litware plans to implement the following changes:
Implement 30 new databases in Azure, which will be used by time-sensitive manufacturing apps that have varying usage patterns. Each database will be approximately 20 GB.
Create a new Azure SQL database named ResearchDB1 on a logical server named ResearchSrv01.

ResearchDB1 will contain Personally Identifiable Information (PII) data.
Develop an app named ResearchApp1 that will be used by the research department to populate and access ResearchDB1.
Migrate ManufacturingSQLDb1 to the Azure virtual machine platform.

Migrate the SERVER1 databases to the Azure SQL Database platform.

Technical Requirements

Litware identifies the following technical requirements:
Maintenance tasks must be automated.

The 30 new databases must scale automatically.

The use of an on-premises infrastructure must be minimized.

Azure Hybrid Use Benefits must be leveraged for Azure SQL Database deployments.

All SQL Server and Azure SQL Database metrics related to CPU and storage usage and limits must be analyzed by using Azure built-in functionality.
Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
Store encryption keys in Azure Key Vault.

Retain backups of the PII data for two months.

Encrypt the PII data at rest, in transit, and in use.

Use the principle of least privilege whenever possible.

Authenticate database users by using Active Directory credentials.

Protect Azure SQL Database instances by using database-level firewall rules.

Ensure that all databases hosted in Azure are accessible from VM1 and VM2 over the Azure backbone network.
Business Requirements

Litware identifies the following business requirements:
Meet an SLA of 99.99% availability for all Azure deployments.

Minimize downtime during the migration of the SERVER1 databases.

Use the Azure Hybrid Use Benefits when migrating workloads to Azure.

Once all requirements are met, minimize costs whenever possible.

DRAG DROP (Drag and Drop is not supported)

You need to configure user authentication for the SERVER1 databases. The solution must meet the security and compliance requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:






Scenario: Authenticate database users by using Active Directory credentials.

The configuration steps include the following procedures to configure and use Microsoft Entra authentication.

1. Create and populate Microsoft Entra ID.
2. Optional: Associate or change the active directory that is currently associated with your Azure Subscription.
3. Create a Microsoft Entra administrator. (Step 1)
4. Connect to the databases using a Microsoft Entra account (the Administrator account that was configured in the previous step). (Step 2)
5. Create contained database users in your database mapped to Microsoft Entra identities. (Step 3)


Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure- powershell




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.
When you are ready to answer a question, click the Question button to return to the question.

Overview

General Overview

Contoso, Ltd. is a financial data company that has 100 employees. The company delivers financial data to customers.

Physical Locations

Contoso has a datacenter in Los Angeles and an Azure subscription. All Azure resources are in the US West 2 Azure region. Contoso has a 10-Gb ExpressRoute connection to Azure.

The company has customers worldwide.

Existing Environment

Active Directory

Contoso has a hybrid Microsoft Entra ID deployment that syncs to on-premises Active Directory.

Database Environment

Contoso has SQL Server 2017 on Azure virtual machines shown in the following table.



SQL1 and SQL2 are in an Always On availability group and are actively queried. SQL3 runs jobs, provides historical data, and handles the delivery of data to customers.

The on-premises datacenter contains a PostgreSQL server that has a 50-TB database.

Current Business Model

Contoso uses Microsoft SQL Server Integration Services (SSIS) to create flat files for customers. The customers receive the files by using FTP.

Requirements:

Planned Changes

Contoso plans to move to a model in which they deliver data to customer databases that run as platform as a service (PaaS) offerings.
When a customer establishes a service agreement with Contoso, a separate resource group that contains an Azure SQL database will be provisioned for the customer. The database will have a complete copy of the financial data. The data to which each customer will have access will depend on the service agreement tier. The customers can change tiers by changing their service agreement.

The estimated size of each PaaS database is 1 TB.

Contoso plans to implement the following changes:

Move the PostgreSQL database to Azure Database for PostgreSQL during the next six months.

Upgrade SQL1, SQL2, and SQL3 to SQL Server 2019 during the next few months.

Start onboarding customers to the new PaaS solution within six months.

Business Goals

Contoso identifies the following business requirements:

Use built-in Azure features whenever possible.

Minimize development effort whenever possible.

Minimize the compute costs of the PaaS solutions.

Provide all the customers with their own copy of the database by using the PaaS solution.

Provide the customers with different table and row access based on the customer's service agreement.

In the event of an Azure regional outage, ensure that the customers can access the PaaS solution with minimal downtime. The solution must provide automatic failover. Ensure that users of the PaaS solution can create their own database objects but be prevented from modifying any of the existing database objects supplied by Contoso.

Technical Requirements

Contoso identifies the following technical requirements:

Users of the PaaS solution must be able to sign in by using their own corporate Microsoft Entra credentials or have Microsoft Entra credentials supplied to them by Contoso. The solution must avoid using the internal Microsoft Entra ID of Contoso to minimize guest users.
All customers must have their own resource group, Azure SQL server, and Azure SQL database. The deployment of resources for each customer must be done in a consistent fashion. Users must be able to review the queries issued against the PaaS databases and identify any new objects created.
Downtime during the PostgreSQL database migration must be minimized.

Monitoring Requirements

Contoso identifies the following monitoring requirements:

Notify administrators when a PaaS database has a higher than average CPU usage.

Use a single dashboard to review security and audit data for all the PaaS databases.

Use a single dashboard to monitor query performance and bottlenecks across all the PaaS databases.

Monitor the PaaS databases to identify poorly performing queries and resolve query performance issues automatically whenever possible.

PaaS Prototype

During prototyping of the PaaS solution in Azure, you record the compute utilization of a customer's Azure SQL database as shown in the following exhibit.



Role Assignments

For each customer's Azure SQL Database server, you plan to assign the roles shown in the following exhibit.



HOTSPOT (Drag and Drop is not supported)

You are evaluating the role assignments.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:





Box 1: No
DBAGroup1 is member of the Contributor role.
The Contributor role grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.

Box 2: No
Contributor - Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC SQL DB Contributor - Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.

Box 3: Yes
DBAGroup2 is member of the SQL DB Contributor role.
The SQL DB Contributor role lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. As a member of this role you can create and manage SQL databases.


Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles



Viewing Page 10 of 54



Share your comments for Microsoft DP-300 exam with other users:

SD 7/13/2023 12:56:00 AM

good questions
UNITED STATES


kanjoe 7/2/2023 11:40:00 AM

good questons
UNITED STATES


Mahmoud 7/6/2023 4:24:00 AM

i need the dumb of the hcip security v4.0 exam
EGYPT


Wei 8/3/2023 4:18:00 AM

upload the dump please
HONG KONG


Stephen 10/3/2023 6:24:00 PM

yes, iam looking this
AUSTRALIA


Stephen 8/4/2023 9:08:00 PM

please upload cima e2 managing performance dumps
Anonymous


hp 6/16/2023 12:44:00 AM

wonderful questions
Anonymous


Priyo 11/14/2023 2:23:00 AM

i used this site since 2000, still great to support my career
INDONESIA


Jude 8/29/2023 1:56:00 PM

why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.
UNITED STATES


Marc blue 9/15/2023 4:11:00 AM

great job. hope this helps out.
UNITED STATES


Anne 9/13/2023 2:33:00 AM

upload please. many thanks!
Anonymous


pepe el toro 9/12/2023 7:55:00 PM

this is so interesting
Anonymous


Antony 11/28/2023 12:13:00 AM

great material thanks
AUSTRALIA


Thembelani 5/30/2023 2:22:00 AM

anyone who wrote this exam recently
Anonymous


P 9/16/2023 1:27:00 AM

ok they re good
Anonymous


Jorn 7/13/2023 5:05:00 AM

relevant questions
UNITED KINGDOM


AM 6/20/2023 7:54:00 PM

please post
UNITED STATES


Nagendra Pedipina 7/13/2023 2:22:00 AM

q:42 there has to be a image in the question to choose what does it mean from the options
INDIA


BrainDumpee 11/18/2023 1:36:00 PM

looking for cphq dumps, where can i find these for free? please and thank you.
UNITED STATES


sheik 10/14/2023 11:37:00 AM

@aarun , thanks for the information. it would be great help if you share your email
Anonymous


Random user 12/11/2023 1:34:00 AM

1z0-1078-23 need this dumps
Anonymous


labuschanka 11/16/2023 6:06:00 PM

i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous


Marianne 10/22/2023 11:57:00 PM

i cannot see the button to go to the questions
Anonymous


sushant 6/28/2023 4:52:00 AM

good questions
EUROPEAN UNION


A\MAM 6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
UNITED STATES


unanimous 12/15/2023 6:38:00 AM

very nice very nice
Anonymous


akminocha 9/28/2023 10:36:00 AM

please help us with 1z0-1107-2 dumps
INDIA


Jefi 9/4/2023 8:15:00 AM

please upload the practice questions
Anonymous


Thembelani 5/30/2023 2:45:00 AM

need this dumps
Anonymous


Abduraimov 4/19/2023 12:43:00 AM

preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.
UNITED KINGDOM


Puneeth 10/5/2023 2:06:00 AM

new to this site but i feel it is good
EUROPEAN UNION


Ashok Kumar 1/2/2024 6:53:00 AM

the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
Anonymous


Merry 7/30/2023 6:57:00 AM

good questions
Anonymous


VoiceofMidnight 12/17/2023 4:07:00 PM

Delayed the exam until December 29th.
UNITED STATES