Azure SQL Improved Flashcards

Question 1

Q

What are the types of Azure SQL Database offerings?

Answer

A

Azure SQL Database Offerings:

SQL Server on Azure Virtual Machines
Azure SQL Managed Instance
- General Purpose
- Business Critical
Azure SQL Database
- General Purpose
- Business Critical
- Hyperscale
- Elastic Pool

Question 2

Q

When should I use Azure SQL Managed Instance?

Answer

A

Azure SQL Managed Instance is an ideal choice when you need a fully managed SQL Server instance in the cloud that supports the following scenarios:

Easy Lift-and-Shift for On-Premises SQL Server Workloads: It offers near-full compatibility with on-premises SQL Server, making it an excellent option for migrating existing SQL Server workloads with minimal changes to applications or databases.
Extended SQL Server Features: It includes features not available in Azure SQL Database, such as SQL Agent, cross-database queries, and Service Broker, which are essential for applications relying on these functionalities.
Network Isolation and Enhanced Security: If you need to isolate your database within a private network and integrate it with on-premises resources, Managed Instance can be deployed within a virtual network (VNet), enabling private IP access and enhanced security configurations.
Compliance with Enterprise Requirements: It supports compliance needs with features like Azure Active Directory (Entra ID) authentication, Transparent Data Encryption (TDE), and Advanced Threat Protection (ATP).
Scaling for Enterprise Workloads: It provides scaling options for both compute and storage, beneficial for enterprise applications with demanding performance and storage needs.
Hybrid Cloud and Application Modernization: It allows for seamless integration and hybrid setups with features like Linked Servers and cross-premises connectivity, ideal for modernizing parts of an on-premises SQL Server setup while keeping certain components in the cloud.

Question 3

Q

When should you use Azure SQL Database elastic pools?

Answer

A

Azure SQL Database elastic pools are ideal when you have multiple databases that:

Have Variable and Unpredictable Usage Patterns: Elastic pools are cost-effective for databases with varying or unpredictable demand, as they allow you to balance performance costs across multiple databases.
Need Resource Sharing and Cost Savings: They enable multiple databases to share a set of resources (DTUs or vCores) at a fixed price, which can be more economical than provisioning resources for each database individually, especially for databases with low or intermittent usage.
Use a Single-Tenant or Multi-Tenant SaaS Model: In multi-tenant SaaS scenarios, where each tenant might have its own database, elastic pools provide predictable costs while accommodating varying tenant usage.
Require Scaling for Numerous Databases: Elastic pools simplify the management and scaling of a group of databases, eliminating the need to scale each database individually.
Operate Under a Fixed Budget: By placing multiple databases into an elastic pool, you can control costs while ensuring sufficient resources to handle varying workload demands across the databases.

Question 4

Q

When is it most appropriate to use Azure SQL Virtual Machines?

Answer

A

Azure SQL Virtual Machines are most appropriate when you need full control over the operating system, require customization of the SQL Server instance, or need to use features that are not available in Azure SQL Database. They are ideal for scenarios where you need to migrate existing SQL Server workloads with minimal changes, require SQL Server Reporting Services (SSRS), or need to use SQL Server features like SQL Server Agent or Service Broker.

Question 5

Q

Who is responsible for patching the operating system when using SQL Server on Azure Virtual Machines?

Answer

A

You are responsible for patching.

When using SQL Server on Azure Virtual Machines, the customer is responsible for patching the operating system. Azure provides tools and services to assist with SQL Server updates and maintenance, but the management of the underlying virtual machine and its operating system, including applying patches and updates, is the customer’s responsibility.

In contrast, with Azure SQL Database, which is a fully managed Platform as a Service (PaaS) offering, Microsoft handles both operating system and database patching, reducing the customer’s maintenance responsibilities.

Question 6

Q

Who is responsible for patching the operating system and database engine in Azure SQL Database?

Answer

A

Microsoft is responsible for patching the operating system, database engine, and all underlying infrastructure in Azure SQL Database. This is part of the fully managed platform-as-a-service (PaaS) model, which ensures regular updates, patches, and backups for availability, security, and compliance.

Question 7

Q

When using Azure SQL on virtual machines, which type of VM should you consider for optimal performance?

Answer

A

For optimal performance when using Azure SQL on virtual machines, consider using a memory-optimized or storage optimized virtual machine.

Question 8

Q

How can you efficiently back up a virtual machine running SQL Server in Azure to ensure both VM-level and application-consistent backups?

Answer

A

Use Automated Backup, Automated Backup provides an automatic backup service for SQL Server Standard and Enterprise editions running on a Windows VM in Azure. This service is provided by the SQL Server IaaS Agent Extension, which is automatically installed on SQL Server Windows virtual machine images in the Azure portal.

All databases are backed up to an Azure storage account that you configure. Backups can be encrypted and the metadata is retained in msdb for up to 90 days, though the service doesn’t automatically delete backups past their retention date. You can use a lifecycle management policy for your storage account to balance backup retention with cost management according to your business needs.

Question 9

Q

What is the network latency for Azure SQL Database when data remains within the same region, compared to accessing a secondary database?

Answer

A

The network latency for Azure SQL Database when data remains within the same region is typically less than 2 milliseconds. However, accessing a secondary database, especially if it involves geo-replication or cross-region access, may introduce additional latency beyond this typical range.

Question 10

Q

How is high availability ensured in the general-purpose tier for Azure SQL Database and Azure SQL Managed Instance?

Answer

A

General-purpose tier for Azure SQL Database high availability is created by using a separation of compute and storage. Data is stioored in Azur Storage and replicated three time with LRS. If the compute instance fails, ther are available standby instances ready to take its place.

General-purpose tier for Azure SQL Managed Instance high availability is created by using a separation of compute and storage. Data is stioored in Azur Storage and replicated three time with LRS. If the compute instance fails, ther are available standby instances ready to take its place.

Prenium tier for Azure SQL Database high availability is created by using seperate instances of the database thet are replicated to and in the event of the primary compute node failing, one of the replicas will instatly become the primary.

Question 11

Q

How is high availability achieved in the business-critical tier for Azure SQL Database and Azure SQL Managed Instance?

Answer

A

High availability in the business-critical tier for Azure SQL Database and Azure SQL Managed Instance is achieved through a technology called Always On Availability Groups. In this setup, data is stored on the local disk of the primary node and is synchronously replicated to multiple secondary nodes. This ensures that any transaction is committed only after it has been successfully replicated to at least one secondary node, providing high availability and data protection.

Question 12

Q

Where is the data stored when using the Business Critical service tier for Azure SQL Database and Azure SQL Managed Instance?

Answer

A

In the Business Critical service tier for Azure SQL Database and Azure SQL Managed Instance, the data is stored in the local SSD storage of the nodes. There is the use of always on, where there are other nodes that are comitted to before data is marked are wrote.

Question 13

Q

Where is data stored when using the general-purpose tier for Azure SQL Database and Azure SQL Managed Instance?

Answer

A

Answer: Azure Blob Storage.

Question 14

Q

What does “always-on” mean in the context of Azure SQL Database and Azure SQL Managed Instance?

Answer

A

“Always-on” in the context of Azure SQL Database and Azure SQL Managed Instance refers to the high availability feature that ensures continuous data availability and minimal downtime. It involves replicating data between primary and secondary replicas. This replication can be configured to be either synchronous, ensuring data consistency by waiting for confirmation from secondary replicas before committing transactions, or asynchronous, allowing transactions to be committed without waiting for confirmation, which can improve performance but may risk data loss in case of a failure.

Question 15

Q

What are the service tiers in Azure SQL Database?

Answer

A

General Purpose
Business Critical
Hyperscale

Question 16

Q

When should you choose the General-Purpose Tier in Azure SQL Database?

Answer

A

Suitable for most general-purpose workloads.
Ideal for moderate performance needs.
Budget-friendly: Offers cost-effective options.
Storage: Utilizes Azure Premium SSD, supporting up to 4 TB of database size.
Availability: Ensures high availability with automated backups and geo-replication.
Suitable for applications with standard OLTP workloads.
Suitable for moderate transaction rates and throughput.
Suitable for applications requiring balanced performance at a lower cost.

Question 17

Q

How is high availability achieved for the General Purpose tier in Azure SQL Database?

Answer

A

High availability in the General Purpose tier of Azure SQL Database is achieved through the use of a separation of compute and storage layers. The compute layer is stateless and can be quickly replaced in case of failure, while the storage layer uses Azure Premium Storage with built-in data redundancy. Automated backups and geo-replication further enhance availability by ensuring data is protected and can be restored or accessed from another region if needed.

Question 18

Q

Which types of workloads are best suited for the General-Purpose Tier in Azure SQL Database?

Answer

A

General-purpose workloads that do not require high performance or low latency.
Applications with moderate performance and scalability requirements.
Workloads that prioritize cost-effectiveness and balanced performance.

Question 19

Q

Which types of workloads are best suited for the General-Purpose Tier in Azure SQL Managed Instance?

Answer

A

General business applications and workloads.
Applications with moderate performance and latency requirements.
Workloads that require balanced compute and storage resources.
Cost-sensitive applications that benefit from a budget-friendly option.

Question 20

Q

Which workloads are suitable for the General-Purpose Tier for an Azure SQL Instance?

Answer

A

Applications with standard OLTP (Online Transaction Processing) workloads.
Workloads with moderate transaction rates and throughput requirements.
Applications that require balanced performance at a cost-effective price.

Question 21

Q

What types of applications are best suited for the General-Purpose Tier in Azure SQL Database?

Answer

A

Applications with standard Online Transaction Processing (OLTP) workloads.
Applications with moderate transaction rates and throughput requirements.
Applications that require balanced performance at a cost-effective price.

Question 22

Q

What purchasing models are available for Azure SQL Database and Azure SQL Managed Instance?

Answer

A

Azure SQL Database and Azure SQL Managed Instance offer the following purchasing models:

vCore (Virtual Core) Model: This model allows you to choose the number of virtual cores, memory, and storage size independently. It provides flexibility to scale resources based on your workload requirements and offers options for both General Purpose and Business Critical service tiers.
DTU (Database Transaction Unit) Model: This model is specific to Azure SQL Database and bundles compute, memory, and I/O resources into a single unit. It is available in Basic, Standard, and Premium service tiers, making it simpler to choose a performance level without managing individual resources.

Note: The DTU model is not available for Azure SQL Managed Instance.

Question 23

Q

What is the Microsoft recommended purchasing model for both Azure SQL Database and Azure SQL Managed Instance?

Answer

A

The recommended purchasing model for both Azure SQL Database and Azure SQL Managed Instance is the vCore-based model. This model provides flexibility by allowing you to independently choose and scale compute and storage resources according to your needs.

Question 24

Q

What type of SSD is used for storage in the General-Purpose Tier of Azure SQL Database?

Answer

A

Answer: Azure Premium SSD is used for storage in the General-Purpose Tier of Azure SQL Database.

Question 25

Q

What type of SSD is used for storage in the General-Purpose tier of an Azure SQL Managed Instance?

Answer

A

Azure Premium SSD.

Question 26

Q

What type of SSDs are used in the Business-Critical Tier for Azure SQL Database?

Answer

A

The Business-Critical Tier for Azure SQL Database uses local SSDs to provide low-latency read and write operations.

Question 27

Q

What type of SSDs are used in the Business-Critical Tier for Azure SQL Managed Instance?

Answer

A

The Business-Critical Tier for Azure SQL Managed Instance uses local SSDs to provide low-latency reads and writes.

Question 28

Q

How is high availability achieved for the Business-Critical tier in Azure SQL Database?

Answer

A

High availability for the Business-Critical tier in Azure SQL Database is achieved through Always On availability groups. This setup includes multiple replicas: one primary replica and two or more secondary replicas within the same region. These replicas are automatically synchronized to ensure data consistency and provide failover support, ensuring that the database remains available even if one replica fails.

Question 29

Q

How is high availability achieved for the Business-Critical tier in Azure SQL Managed Instance?

Answer

A

High availability in the Business-Critical tier of Azure SQL Managed Instance is achieved through the use of Always On Availability Groups. This setup involves multiple replicas: one primary replica and two or more secondary replicas within the same region. These replicas ensure data redundancy and high availability. The data is continuously synchronized between the primary and secondary replicas, allowing for automatic failover in case of a failure, thus minimizing downtime and ensuring business continuity.

Question 30

Q

Explain the backup process for Azure SQL Database, including the types of backups and their frequency.

Answer

A

Azure SQL Database automatically manages the backup process, which includes the following types of backups:

Full Backup: Performed once a week. This backup captures the entire database.
Differential Backup: Conducted every 12 to 24 hours. It includes only the changes made since the last full backup, making it quicker and smaller than a full backup.
Transaction Log Backup: Occurs every 5 to 10 minutes. This backup records all the transactions since the last transaction log backup, allowing for point-in-time recovery.

All backups are stored in geo-redundant storage (GRS) by default, providing high availability and disaster recovery capabilities.

Question 31

Q

What are the backup retention periods for different service tiers in Azure SQL Database?

Answer

A

Basic Tier: Backups are retained for 7 days.
Standard and Premium Tiers: Backups are retained for 35 days.
Long-Term Retention (LTR): You can configure long-term retention for up to 10 years by storing backups in Azure Blob Storage.

Question 32

Q

For Azure SQL Database, can you choose custom retention periods for backups, and if so, what are the default retention periods for the Basic, Standard, and Premium tiers?

Answer

A

Basic Tier: Backups are retained for 7 days by default.
Standard and Premium Tiers: Backups are retained for 35 days by default.
You can configure a custom retention period for backups up to 10 years using the Azure SQL Database long-term retention (LTR) feature.

Question 33

Q

Can you restore an Azure SQL Database to any point in time, and if so, how does this feature work?

Answer

A

Yes, you can restore an Azure SQL Database to any point in time within the retention period. This feature is enabled by automatic backups that Azure performs regularly. These backups allow you to recover your database to a specific point in time, which is useful for recovering from accidental data changes or corruption. The retention period for these backups depends on the service tier and can range from 7 to 35 days.

Question 34

Q

What are the types of backups available for an Azure SQL Managed Instance, and how frequently are they taken?

Answer

A

Full Backup: Taken once a week.
Differential Backup: Taken every 12 to 24 hours.
Transaction Log Backup: Taken every 5 to 10 minutes.
Backups are stored in geo-redundant storage (GRS) by default, ensuring high availability and disaster recovery capabilities.

Question 35

Q

For an Azure SQL Managed Instance, how is backup retention managed, and what are the options available for both short-term and long-term retention?

Answer

A

Short-Term Retention: Automated backups for Azure SQL Managed Instance are retained for a period ranging from 7 to 35 days. The retention period can be configured based on your specific requirements and the service tier you are using.
Long-Term Retention (LTR): You can configure long-term retention policies to keep backups for up to 10 years. This allows you to store backups in Azure Blob Storage for compliance and archival purposes.

Question 36

Q

What pricing tiers are available for Azure SQL Database?

Answer

A

vCore: General Purpose
vCore: Business Critical
vCore: Hyperscale
DTU: Basic
DTU: Standard
DTU: Premium

Question 37

Q

Does Azure SQL Managed Instance support SQL Server Integration Services (SSIS)?

Answer

A

Yes, Azure SQL Managed Instance supports SQL Server Integration Services (SSIS) through the Azure Data Factory integration runtime. You can deploy and run SSIS packages in Azure using this service.

Question 38

Q

Can Azure SQL Database directly host and run SQL Server Integration Services (SSIS) packages?

Answer

A

Azure SQL Database does not support SQL Server Integration Services (SSIS) directly. SSIS cannot be natively hosted or run within Azure SQL Database. However, there are alternative methods to use SSIS with Azure SQL Database:

Azure Data Factory: Utilize Azure Data Factory (ADF) with the SSIS integration runtime to execute SSIS packages in the cloud. ADF provides a managed SSIS service that allows you to host, execute, and manage SSIS packages, enabling connectivity to Azure SQL Database as part of your ETL (Extract, Transform, Load) processes.
On-premises SSIS: If you have SSIS running on-premises, you can connect to Azure SQL Database as a data source or destination by configuring your SSIS packages to point to your Azure SQL Database instance.
SQL Managed Instance: For native SSIS support, consider using Azure SQL Managed Instance, which includes a wider range of SQL Server features, such as the ability to host SQL Agent jobs to run SSIS packages.

In summary, while Azure SQL Database does not natively support SSIS, you can leverage Azure Data Factory, on-premises SSIS, or Azure SQL Managed Instance to work with SSIS packages in conjunction with Azure SQL Database.

Question 39

Q

Does Azure SQL Managed Instance support cross-database transactions within the same instance?

Answer

A

Yes, Azure SQL Managed Instance supports cross-database transactions within the same instance. This feature allows you to perform operations across multiple databases using traditional Distributed Transaction Coordinator (DTC) support, ensuring transactional consistency across several databases within the same managed instance.

However, for transactions involving different Azure SQL Managed Instances or between an on-premises SQL Server and an Azure SQL Managed Instance, additional configurations are required. In such cases, you might need to use Azure SQL Database elastic transactions or other alternative methods, as DTC support is limited to a single managed instance.

Question 40

Q

Does Azure SQL Managed Instance support linked servers?

Answer

A

Yes, Azure SQL Managed Instance supports linked servers. This feature allows you to connect to and query external data sources directly from the SQL Managed Instance, similar to how you would in an on-premises SQL Server environment.

With linked servers, Azure SQL Managed Instance can connect to other SQL Servers, Azure SQL Databases, and even non-SQL data sources. This capability enables distributed queries and data integration across different environments.

To set up linked servers in Azure SQL Managed Instance, you generally need:

Credentials for Authentication: Ensure you have the necessary credentials to authenticate with the external data source.
Network Configurations: Configure network settings to allow connectivity to the external source, ensuring any necessary firewall rules or virtual network settings are in place.
Transact-SQL (T-SQL) Configuration: Use T-SQL commands to define and manage the linked server settings.

This feature enhances Azure SQL Managed Instance’s flexibility, making it suitable for hybrid and multi-cloud database scenarios where integration with external databases is required.

Question 41

Q

Does Azure SQL Managed Instance support CLR (Common Language Runtime) integration?

Answer

A

Yes, Azure SQL Managed Instance supports CLR (Common Language Runtime) integration. This feature enables you to create user-defined functions, stored procedures, triggers, and aggregates using managed code like C# or VB.NET. These can then be executed within SQL Managed Instance, allowing for more complex logic and custom functions that might be challenging to implement with T-SQL alone.

Question 42

Q

Does Azure SQL Managed Instance support Service Broker?

Answer

A

Yes, Azure SQL Managed Instance supports Service Broker.

Question 43

Q

Does Azure SQL Managed Instance support SQL Server Replication?

Answer

A

No, Azure SQL Managed Instance does not support SQL Server Replication. While SQL Server Replication is available in SQL Server on-premises for data distribution and synchronization, this feature is not supported in Azure SQL Managed Instance.

For similar functionality, you may consider using alternatives like Azure Data Sync for synchronizing data across multiple databases or using Azure Data Factory for data movement and transformation tasks.

Question 44

Q

Does Azure SQL Managed Instance support Database Mail?

Answer

A

No, Azure SQL Managed Instance does not support Database Mail. Instead, you can use alternative methods such as Azure Logic Apps, Azure Functions, or external SMTP services to send emails from your databases.

Question 45

Q

Does Azure SQL Managed Instance support Stretch Database?

Answer

A

No, Azure SQL Managed Instance does not support Stretch Database.

Question 46

Q

Does Azure SQL Managed Instance support Data Quality Services?

Answer

A

No, Azure SQL Managed Instance does not support Data Quality Services.

Question 47

Q

What is the maximum retention period for automatic backups in Azure SQL Database and Azure SQL Managed Instance?

Answer

A

The maximum retention period for automatic backups in Azure SQL Database and Azure SQL Managed Instance is 10 years.

Question 48

Q

How are backups managed in an Azure SQL Managed Instance?

Answer

A

Backups are managed automatically by Azure.
A full database backup is performed weekly.
Differential backups are taken every 12 to 24 hours.
Transaction log backups occur every 5 to 10 minutes.

Question 49

Q

How long can backups be retained in an Azure SQL Managed Instance?

Answer

A

The default retention period for backups is between 7 to 35 days.
With Long-Term Retention (LTR), backups can be retained for up to 10 years.

Question 50

Q

How can you recover a recent backup in an Azure SQL Managed Instance?

Answer

A

To recover a recent backup in an Azure SQL Managed Instance, use the point-in-time restore feature. This allows you to restore the database to a specific point in time within the retention period.

Question 51

Q

How are backups managed in an Azure SQL Managed Instance?

Answer

A

Backups are managed automatically by Azure.
A full database backup is performed weekly.
Differential backups occur every 12 to 24 hours.
Transaction log backups are taken every 5 to 10 minutes.

Question 52

Q

How long can backups be retained in an Azure SQL Managed Instance?

Answer

A

The default retention period for backups in an Azure SQL Managed Instance is between 7 and 35 days.
For Long-Term Retention (LTR), backups can be retained for up to 10 years.

Question 53

Q

How can you perform a point-in-time restore to recover a recent backup in an Azure SQL Database?

Answer

A

To perform a point-in-time restore in an Azure SQL Database, navigate to the Azure portal, select your SQL database, and go to the “Restore” option. Choose “Point-in-time restore,” specify the desired restore point by selecting the date and time, and then follow the prompts to complete the restoration process.

Question 54

Q

Should I manually tune the performance of an Azure SQL Instance and Database, or is it automatically managed?

Answer

A

Azure SQL Database and Azure SQL Managed Instance offer automatic performance tuning features, which can automatically optimize performance by identifying and implementing tuning recommendations. However, you can also manually review and apply these recommendations if you prefer more control over the tuning process.

Question 55

Q

Should I be concerned about the database version for an Azure SQL Managed Instance?

Answer

A

Microsoft automatically manages updates to ensure that your instance is running the latest stable version, which includes the latest features, performance improvements, and security patches. This process is designed to be seamless and minimize downtime, allowing you to focus on your applications without the need to manage version updates manually.

Question 56

Q

Should I be concerned about the version of Azure SQL Database that I am using?

Answer

A

No, you do not need to be concerned about the version of Azure SQL Database you are using. Azure SQL Database is a fully managed service, and Microsoft automatically updates it to the latest version to ensure security, performance, and feature improvements. It operates as a version-less service, meaning you always have access to the latest capabilities without needing to manage version upgrades yourself.

Question 57

Q

What purchasing model should I use to apply the Azure Hybrid Benefit with Azure SQL Database and Azure SQL Managed Instance?

Answer

A

Use the vCore-based purchasing model.

Question 58

Q

Can Azure Hybrid Benefit be applied to Azure SQL?

Answer

A

Yes, Azure Hybrid Benefit can be applied to Azure SQL. This allows you to use your existing SQL Server licenses with Software Assurance to save on Azure SQL Database and Azure SQL Managed Instance costs.

Question 59

Q

You have a web application that uses Azure SQL Database as its backend. The database contains sensitive customer data that must be protected from unauthorized access. You need to recommend a solution that implements row-level security (RLS) in the database. The solution must meet the following requirements:

Allow users to access only the data that is relevant to them.
Ensure that users cannot access data that is not relevant to them.
Minimize the amount of administration required to manage the security.

What should you include in the recommendation?

Answer

A

RLS (Row-Level Security) is a feature in Azure SQL Database that restricts data access for specific rows in a table based on the characteristics of the user executing the query. To implement RLS, you should define security predicates as inline table-valued functions and create security policies that apply these predicates to the tables. This ensures that users can only view and manipulate rows of data they are authorized to access, meeting the requirement of allowing users to access only the relevant data while minimizing administrative overhead.

Question 60

Q

How does Row-Level Security (RLS) function in Azure SQL Database?

Answer

A

Security Policies: You create a security policy that specifies the restrictions for each query executed by a user. This policy includes a filter predicate that is evaluated for each query.
Filter Predicate: A function that returns a boolean value to determine which rows a user can access. This predicate is applied every time a query is executed on a table with RLS enabled.
Automatic Enforcement: Users are automatically prevented from accessing rows that do not satisfy the filter predicate.

Question 61

Q

How is Row-Level Security (RLS) implemented in Azure SQL Database to restrict data access?

Answer

A

Row-Level Security (RLS) in Azure SQL Database is implemented by creating security policies that define predicates, which are functions that filter rows based on the current user’s context. This ensures that users can only access the subset of data they are authorized to see.

Question 62

Q

What is an Azure SQL Server-level Firewall Rule and how does it control access to databases?

Answer

A

An Azure SQL Server-level Firewall Rule is a security feature that controls access to all databases hosted on a specific SQL Server. It allows you to define network ranges or specific IP addresses that are permitted to connect to the server. This is useful for managing access for multiple applications or clients that need to connect to different databases on the same server, ensuring they adhere to consistent security policies.

Question 63

Q

Can you use a SQL Server-level firewall rule in Azure SQL to allow access to a specific database for a particular IP address?

Answer

A

No, SQL Server-level firewall rules in Azure SQL cannot be used to restrict access to a single database for a particular IP address. These rules apply to the entire server, granting access to all databases hosted on that server for the specified IP address. Access to individual databases is controlled through authentication and permissions, not firewall rules.

Question 64

Q

What is the scope of SQL Server-level Firewall Rules when using an Azure SQL Database server?

Answer

A

The scope of SQL Server-level Firewall Rules when using an Azure SQL Database server applies to all databases hosted on that server.

Answer 65

A

To configure specific IP addresses to access each of your three databases (DB1, DB2, and DB3) on an Azure SQL server instance, you should use both server-level and database-level firewall rules. First, set up server-level firewall rules to allow access to the Azure SQL server instance. Then, configure database-level firewall rules for each database to specify the IP addresses that can access them individually. This approach ensures that only the specified IP addresses can access each database.

Answer 66

A

Always Encrypted Client-Side Encryption in Azure SQL Database ensures that sensitive data is encrypted and decrypted on the client side. This means that the data remains encrypted while stored in the database, and only authorized client applications can decrypt it. As a result, the database and database administrators never have access to the plaintext data, enhancing data security and privacy.

Answer 67

A

Always Encrypted Column-Level Encryption in Azure allows you to encrypt specific sensitive columns, such as those containing credit card numbers or social security numbers, in a database. This ensures that the data remains encrypted both at rest and in transit, while the rest of the data in the table remains unencrypted. This feature helps protect sensitive data from unauthorized access and ensures that only authorized applications or users can decrypt and access the data.

Answer 68

A

The role separation feature in Always Encrypted ensures that database administrators can manage the database without having access to the encryption keys. This prevents them from viewing sensitive data in plaintext, while application developers or administrators, who have access to the encryption keys, can handle the data securely.

Answer 69

A

Deterministic Encryption: This type of encryption always generates the same encrypted value for a given plaintext value. It allows for equality searches, meaning you can query encrypted columns using equality operators. However, it may reveal patterns in the data, which could potentially be exploited.

Randomized Encryption: This type of encryption generates different encrypted values each time for the same plaintext value, enhancing security by making it more difficult to identify patterns. However, it does not support equality searches, so you cannot use equality operators to query encrypted columns.

Answer 70

A

Always Encrypted is a feature in Azure SQL Database that ensures sensitive data is encrypted both at rest and in transit. It allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the database engine. This means that the database engine, Azure SQL Database, and even Azure administrators cannot access the encrypted data. The client driver (e.g., ADO.NET) handles the encryption and decryption process transparently when configured with the necessary keys, allowing applications to interact with the data without needing to be aware of the encryption process.

Answer 71

A

Always Encrypted in Azure SQL Database is a feature designed to protect sensitive data by encrypting it at the column level. It uses two types of keys:

Column Encryption Key (CEK): This key is used to encrypt the actual data within the database columns.
Column Master Key (CMK): This key is used to encrypt the CEK. The CMK is stored securely in an external key store, such as Azure Key Vault, ensuring that the encryption keys are managed separately from the encrypted data.

Answer 72

A

Yes, data loss can occur when using an auto-failover group in Azure. The potential duration of data loss is up to 5 seconds.

Answer 73

A

No, the secondary database in an auto-failover group can only be used for read operations, not write operations.

Answer 74

A

No, it is not a requirement for the secondary database to be in the same resource group as the primary database when using an auto-failover group in Azure. The primary and secondary databases can be in different resource groups.

Answer 75

A

No, the primary and secondary databases should be located in different regions to ensure high availability and disaster recovery.

Answer 76

A

Yes, Azure SQL Managed Instance supports server-side transactions. This means you can execute transactions on the server, allowing for operations such as commit and rollback to be managed directly within the database environment.

Answer 77

A

Yes, you can deploy an Azure SQL Database with connectivity through a private virtual network (vNET) by using Azure Private Link. This allows you to access the database securely over a private endpoint within your vNET. Additionally, you can use service endpoints to extend your vNET to the Azure SQL Database service, enhancing security by restricting access to your database from specific vNETs.

Answer 78

A

No, Azure SQL Managed Instance is not a single-tenant environment. It is a multi-tenant service where multiple customers share the same physical infrastructure, but each managed instance is isolated at the network level and provides dedicated resources to ensure performance and security.

Answer 79

A

Yes, Azure SQL Database is a multi-tenant environment.

Answer 80

A

No, Azure SQL Database does not support server-side transactions in the same way as traditional SQL Server instances. However, it does support transactions within the database itself, allowing you to manage and execute transactions using T-SQL commands.

Answer 81

A

Yes, Azure SQL Managed Instance supports server-side transactions. This means you can manage transactions directly on the server, ensuring data integrity and consistency across operations.

Answer 82

A

Dynamic Data Masking in Azure Managed Instance and Azure SQL Database is a security feature that automatically obscures sensitive data in query results. It does not alter the actual data stored in the database. Instead, it applies masking rules to the data when it is retrieved, ensuring that users without the necessary permissions see only masked data. Users with the appropriate permissions can access and interact with the unmasked, original data.

Answer 83

A

To achieve this, use Dynamic Data Masking in Azure SQL Managed Instance. Configure the database to apply a mask to the credit card numbers by default. Then, grant User A the UNMASK permission, allowing them to see the unmasked data, while User B will see the masked data by default.

Answer 84

A

Yes, both Azure SQL Managed Instance and Azure SQL Database support dynamic data masking.

Answer 85

A

Active Geo-Replication: Allows you to create up to four readable secondary databases in different Azure regions, providing high availability and disaster recovery.
Auto-Failover Groups: Enables automatic failover of multiple databases in a group to a secondary server in a different region, simplifying the management of DR for multiple databases.
Point-in-Time Restore: Allows you to restore a database to any point within the retention period, providing protection against accidental data loss or corruption.
Geo-Restore: Enables you to restore a database from geo-redundant backups to any Azure region, ensuring data recovery in case of a regional outage.
Zone Redundant Configuration: Distributes database replicas across multiple availability zones within a region, enhancing resilience against zone-level failures.
Geo-Redundant Backups: Automatically stores backups in a secondary region, ensuring data availability and recovery in the event of a regional disaster.

Answer 86

A

To create read-only replicas of an Azure SQL Database in a different region, you can use the “Active Geo-Replication” feature. This allows you to configure up to four readable secondary databases in different regions, providing high availability and disaster recovery.

Answer 87

A

No, Failover Groups and Active Geo-Replication are separate features in Azure SQL Database. They both provide disaster recovery and high availability across regions, but they are designed to be used independently. You can choose one based on your specific requirements, but they are not meant to be used together.

Answer 88

A

Yes, you can manually failover an Azure SQL Database with a secondary read replica in a separate region by using the Azure portal, PowerShell, or the Azure CLI. This is typically done by initiating a failover of the geo-replication relationship to promote the secondary database to the primary role.

Answer 89

A

Yes, the DNS name used to connect to the database remains the same. Azure SQL Database automatically updates the DNS to point to the new primary database after a failover.

Answer 90

A

Auto-Failover Groups:

Auto-Failover Groups enable automatic failover for geo-replicated Azure SQL Databases, ensuring continuous availability during regional outages without manual intervention.

They support automatic failover, maintaining read-write access to the database after a failover event.

You can manage multiple databases seamlessly and configure policies for either automatic or manual failover between primary and secondary regions.

Answer 91

A

Azure SQL Database Point-in-Time Restore allows you to recover a database to any point within the backup retention period, which can be up to 35 days for Standard and Premium tiers. This feature is useful for recovering from accidental data loss, corruption, or malicious activity. It enables you to restore databases within the same region and also across regions if geo-redundant backups are configured.

Answer 92

A

Azure SQL Database Geo-Replication, specifically Active Geo-Replication, allows you to create up to four readable secondary replicas of your database in different Azure regions.
These replicas are synchronized asynchronously with the primary database, meaning they can serve as failover databases if the primary database becomes unavailable.
In the event of a failure, you can manually initiate a failover to a secondary replica to restore service, with minimal data loss depending on the replication lag.
The secondary replicas are available for read-only queries, which can improve availability and performance for global applications.

Answer 93

A

Auto-Failover Groups enable automatic failover for geo-replicated Azure SQL Databases, eliminating the need for manual intervention during a regional outage.
They ensure continuous availability by automatically switching to a secondary region if the primary region becomes unavailable.
This feature allows for seamless management of multiple databases, maintaining read-write access to the databases even after a failover event.
You can configure Auto-Failover Groups to handle failover automatically or manually, based on your specific requirements, between the primary and secondary regions.

Answer 94

A

Yes, you can use auto-failover groups with multiple databases. Auto-failover groups in Azure SQL Database allow you to manage the failover of a group of databases as a single unit, ensuring high availability and disaster recovery across different regions.

Answer 95

A

Azure SQL Database Point-in-Time Restore allows you to recover a database to any specific point within the backup retention period, which can be up to 35 days for Standard and Premium tiers. This feature is useful for recovering from accidental data loss, corruption, or malicious activity. It enables you to restore databases within the same region and also across regions if geo-redundant backups are enabled.

Answer 96

A

Geo-Restore in Azure SQL Database allows you to recover your database from a geo-replicated backup to any Azure region if there is a major regional outage or disaster. This feature ensures that even if your primary region is inaccessible, you can restore your database from backups stored in a secondary region. Geo-Restore uses geo-redundant backups, which are stored in different regions, to protect against region-wide failures. While the recovery time is longer compared to Active Geo-Replication or Failover Groups, Geo-Restore serves as a last-resort recovery option.

Answer 97

A

Azure SQL Database Zone Redundant Configuration is a feature available in the Premium and Business Critical tiers. It enhances high availability by replicating databases across multiple availability zones within the same region. This setup ensures that if one availability zone experiences a failure, the database remains accessible through replicas in other zones, thereby providing resilience against localized failures and maintaining continuous service availability.

Answer 98

A

Azure SQL Database Zone Geo-Redundant Backups are a feature that automatically stores your database backups in multiple geographic locations. By default, these backups are stored in both the primary region and a secondary region. This redundancy ensures that if the primary region experiences an outage, you can still restore your database from the backups stored in the secondary region, thereby maintaining data availability and minimizing downtime.

Answer 99

A

Azure SQL Database provides automatic performance tuning features, including automatic index management and query performance insights. However, you can also manually tune performance by using tools like Query Performance Insight, SQL Database Advisor, and by monitoring performance metrics.

Answer 100

A

Yes, performance tuning is available for Azure SQL Managed Instances. You can use various tools and features such as Query Store, Automatic Tuning, and Performance Recommendations to optimize and improve the performance of your SQL Managed Instances.

Answer 101

A

Answer: I recommend using Azure Cosmos DB for storing NoSQL data. It is a fully managed NoSQL database service that provides native support for various NoSQL data models, including document, key-value, graph, and column-family. It offers global distribution, scalability, and low-latency access, making it an ideal choice for applications requiring NoSQL data storage with minimal effort.

Answer 102

A

Answer: I recommend using Azure Cosmos DB, which is a fully managed NoSQL database service that supports multiple data models and provides a simple way to store and work with NoSQL data.

Answer 103

A

The Service Level Agreement (SLA) for Azure SQL Database guarantees 99.99% availability.

Answer 104

A

The default RPO (Recovery Point Objective) for Azure SQL Database is typically 5 minutes.

Answer 105

A

The default Recovery Time Objective (RTO) for Azure SQL Database is 1 hour.

Answer 106

A

Azure SQL Database provides protection against data corruption through features such as automated backups, geo-replication, and built-in data integrity checks. Automated backups ensure that you can restore your database to a previous state, while geo-replication provides redundancy and high availability. Data integrity checks help detect and correct data corruption issues.

Answer 107

A

The General Purpose tier in Azure SQL Database is primarily used for applications that require a balanced approach to cost and performance, making it suitable for most business workloads.

Answer 108

A

Yes, in the General Purpose tier of Azure SQL Database, compute and storage are separated. The compute layer is responsible for processing queries, while the storage layer is remote and handles data storage.

Answer 109

A

The I/O performance in the General Purpose tier of Azure is moderate, utilizing Azure Premium SSD-backed storage.

Answer 110

A

The maximum database size for the General Purpose tier in Azure SQL Database is 2 TB.

Answer 111

A

The General Purpose tier in Azure SQL Database provides high availability through a separation of compute and storage layers. It uses a failover group with automated backups and geo-replication for disaster recovery, but it does not use zone-redundant configurations or Always On availability groups. Instead, it relies on built-in data redundancy and automatic failover within the same region.

Answer 112

A

In the General Purpose tier of Azure SQL Database, automated backups are created and stored in geo-redundant storage. This allows for point-in-time restore, enabling you to restore the database to any point within the retention period, which is typically up to 35 days.

Answer 113

A

The typical failover time for the General Purpose tier in Azure SQL Database is 30 seconds to 60 seconds.

Answer 114

A

Answer: Azure Premium SSD with locally redundant storage.

Answer 115

A

The General Purpose tier in Azure handles scaling by providing balanced CPU-to-memory configurations and supporting both vertical and horizontal scaling. It allows you to adjust resources based on workload demands, ensuring cost-effectiveness while maintaining performance.

Answer 116

A

Answer: The General Purpose tier is most suitable for workloads that require a balanced mix of compute and memory resources, such as web servers, small to medium-sized databases, and application servers.

Answer 117

A

Answer: No, the General Purpose tier in Azure SQL Database does not offer read replicas.

Answer 118

A

Applications that require the highest level of availability, resilience to failures, and low-latency input/output operations.

Answer 119

A

No, in the Business-Critical tier of Azure SQL Database, compute and storage are not separated. This tier uses local SSD-based storage, which means that the storage is directly attached to the compute nodes.

Answer 120

A

The I/O performance in the Business-Critical tier of Azure SQL Database is high, as it utilizes local SSD storage with low latency for optimal performance.

Answer 121

A

The maximum database size for the Business Critical tier in Azure SQL Database is 5 TB.

Answer 122

A

The Business-Critical tier in Azure SQL Database provides high availability through zone-redundant configurations using Always On availability groups, with data stored on local SSDs.

Answer 123

A

In the Business-Critical tier of Azure SQL Database, backup and restore functionality operates as follows:

Automated Backups: The system automatically creates full, differential, and transaction log backups to ensure data protection and recovery.
Point-in-Time Restore: You can restore your database to any point in time within the retention period, which is typically up to 35 days.
Geo-Redundant Backups: Backups are stored in geo-redundant storage, providing additional protection by replicating data to a secondary region, ensuring availability even in the event of a regional outage.

Answer 124

A

The failover time for the Business-Critical tier in Azure SQL Database is typically 3-10 seconds, leveraging fast failover with SSD technology.

Answer 125

A

Answer: In the Business-Critical tier of Azure SQL Database, local SSD storage is used, providing fast local access and high performance.

Answer 126

A

The Business-Critical tier in Azure SQL Database provides high availability and performance with features like in-memory OLTP and faster failover. It supports scaling by allowing you to adjust the number of vCores and the amount of storage independently, enabling you to handle varying workloads efficiently. However, scaling may involve some downtime or performance impact during the scaling operation.

Answer 127

A

Answer: Workloads that require high performance, low-latency, high availability, and enhanced security, such as financial transactions, e-commerce platforms, and real-time data processing.

Answer 128

A

Up to 3 read replicas.

Answer 129

A

The primary use case for the Hyperscale tier in Azure SQL Database is to support applications that require high scalability, rapid scaling, and the ability to handle very large databases efficiently.

Answer 130

A

Yes, the Hyperscale tier in Azure SQL Database supports the separation of compute and storage, allowing for independent scaling of each to meet performance and capacity needs.

Answer 131

A

The I/O performance characteristic of the Hyperscale tier in Azure SQL Database is designed to provide high throughput and low latency, with the ability to scale storage and compute resources independently based on workload demand.

Answer 132

A

Up to 100 TB.

Answer 133

A

The Hyperscale tier provides high availability (HA) features such as rapid scale-out capabilities, automatic backups, and storage-level redundancy through a highly distributed architecture. This ensures that data is replicated across multiple nodes, providing resilience against hardware failures and enabling seamless scaling to accommodate workload demands.

Answer 134

A

In the Hyperscale tier of Azure SQL Database, the backup and restore process functions as follows:

Automated Backups: The system automatically takes full, differential, and transaction log backups. These backups are stored in Azure Blob Storage.
Snapshot-Based Restores: The Hyperscale architecture uses a snapshot-based approach for backups, which allows for fast and efficient restores. This means that instead of restoring from traditional backup files, the system uses snapshots of the data files, enabling quicker recovery times.
Point-in-Time Restore: You can restore the database to any point in time within the retention period, which can be configured up to 35 days.

This approach ensures minimal downtime and efficient data recovery, leveraging the scalability and flexibility of the Hyperscale architecture.

Answer 135

A

The typical failover time for the Hyperscale tier in Azure SQL Database is generally within minutes, but it can vary based on the specific scaling requirements and the size of the database.

Answer 136

A

The Hyperscale tier in Azure utilizes highly scalable remote storage, specifically Azure Blob Storage, to store data files.

Answer 137

A

The Hyperscale tier in Azure SQL Database manages scaling by allowing rapid horizontal scaling of storage and compute resources independently, with minimal downtime. It uses a distributed architecture to support large databases and provides fast scaling capabilities to accommodate varying workloads efficiently.

Answer 138

A

The Hyperscale tier is most suitable for large-scale, rapidly growing workloads that require high read and write scalability, such as applications with unpredictable growth patterns and extensive data storage needs.

Answer 139

A

In the Hyperscale tier, you can create up to 30 read replicas for read scaling.

Answer 140

A

Hyperscale tier, as it supports up to 100TB of storage and allows for multiple read replicas to handle read-intensive workloads.

Answer 141

A

Azure SQL Database Hyperscale allows you to have up to 30 named replicas.

Answer 142

A

Scalable based on workload demand. Azure SQL Database Hyperscale automatically adjusts I/O performance to meet the needs of your workload, ensuring efficient resource utilization and optimal performance.

Answer 143

A

To optimize performance and cost for a web app using SQL accessed by 20 people during business hours, consider the following:

Database Tier Selection: Choose an appropriate SQL database tier that matches your usage pattern. For 20 users, a Basic or Standard tier might be sufficient, but monitor performance to ensure it meets your needs.
Scaling: Use Azure’s scaling options to adjust resources based on demand. Consider scaling down during non-business hours to save costs.
Connection Pooling: Implement connection pooling to reduce the overhead of opening and closing database connections, which can improve performance.
Query Optimization: Ensure that your SQL queries are optimized. Use indexes where appropriate and avoid complex queries that can slow down performance.
Caching: Implement caching strategies to reduce the number of database queries. Use Azure Cache for Redis or in-memory caching to store frequently accessed data.
Monitoring and Alerts: Set up monitoring and alerts to track performance metrics and costs. Use Azure Monitor to identify and address performance bottlenecks.
Data Archiving: Archive old or infrequently accessed data to reduce the size of your active database, which can improve performance and reduce costs.
Cost Management Tools: Use Azure Cost Management tools to analyze and optimize your spending. Set budgets and alerts to avoid unexpected costs.

By considering these factors, you can effectively balance performance and cost for your web app.

Answer 144

A

The Azure SQL Database Standard tier offers the following features and capabilities:

Performance Levels: Provides a balanced set of compute, memory, and storage resources suitable for most business workloads. It supports a range of performance levels to accommodate different application needs.
Scalability: Allows for easy scaling of resources up or down based on demand without downtime, ensuring flexibility and cost-efficiency.
High Availability: Includes built-in high availability with a 99.99% uptime SLA, ensuring your database is always accessible.
Backup and Restore: Automated backups with point-in-time restore capabilities for up to 35 days, providing data protection and recovery options.
Security: Offers advanced security features such as encryption at rest and in transit, threat detection, and auditing to protect your data.
Geo-Replication: Supports active geo-replication, allowing you to create readable replicas of your database in different regions for disaster recovery and global distribution.
Intelligent Performance: Includes features like automatic tuning, query performance insights, and adaptive query processing to optimize performance.
Managed Service: Fully managed database service that handles maintenance, patching, and updates, allowing you to focus on application development.
Compatibility: Supports a wide range of SQL Server features and is compatible with existing SQL Server tools and applications.

These features make the Standard tier a versatile and reliable choice for many business applications requiring robust performance and availability.

Answer 145

A

Yes, Azure SQL Database supports both partitioning and sharding. Partitioning can be achieved using partitioned tables and indexes within a single database to improve performance and manageability. Sharding, or horizontal partitioning, can be implemented using Elastic Database tools to distribute data across multiple databases.

Answer 146

A

An Azure SQL Server-level Firewall is a security feature that controls access to an Azure SQL Database server. It allows you to define IP address ranges that are permitted to connect to the server. Any connection attempts from IP addresses outside these specified ranges will be blocked. This firewall operates at the server level, meaning it applies to all databases hosted on that server.

Answer 147

A

An Azure SQL Database-level Firewall is a security feature that controls access to an Azure SQL Database by allowing only specified IP addresses to connect. It helps protect the database by blocking unauthorized access from other IP addresses.

Answer 148

A

No, by default, the Azure SQL Database-level firewall does not block traffic. It relies on server-level firewall rules to manage access.

Answer 149

A

To securely write Azure SQL audit logs to a storage account protected by a VNet and firewall, follow these steps:

Configure Azure SQL Auditing: Set up auditing on your Azure SQL database or server to send logs to a storage account.
Restrict Storage Account Access: Configure the storage account to allow access only from specific virtual networks and IP addresses by setting up VNet service endpoints or private endpoints.
Set Up Firewall Rules: Implement firewall rules on the storage account to restrict access to trusted IP ranges and virtual networks.
Use Managed Identity: Assign a managed identity to your Azure SQL database or server. Grant this identity the necessary permissions (e.g., Blob Contributor) on the storage account to securely write audit logs.
Verify Configuration: Ensure that the storage account is correctly configured to accept connections only from the specified networks and that the managed identity has the appropriate permissions.

This setup ensures that audit logs are securely stored within a controlled network environment, enhancing data protection.

Answer 150

A

Azure SQL Database Advanced Threat Protection is a security feature that helps safeguard your databases by detecting unusual and potentially harmful activities. It identifies threats such as SQL injection attempts, access from unfamiliar locations or data centers, access by unfamiliar users or potentially harmful applications, and brute force attempts to guess SQL credentials. This feature provides alerts for these suspicious activities, enabling you to take timely action to protect your data.

Answer 151

A

Dynamic data masking is a security feature that helps protect sensitive data in a database by controlling how much of the data is exposed to unauthorized users. It allows you to define masking rules that obfuscate sensitive information in the query results, without altering the actual data stored in the database.

For instance, in a call center scenario, a service representative might need to verify a caller’s identity using part of their email address. Dynamic data masking can be configured to show only certain characters of the email address, ensuring that the full email address remains hidden from the representative. Similarly, masking rules can be applied to personal data, allowing developers to access production environments for troubleshooting without exposing sensitive information, thereby maintaining compliance with data protection regulations.

Answer 152

A

Yes, Azure Policies can be used with Azure SQL Managed Instance and Azure SQL Database to enforce regulatory compliance. Azure provides built-in policy definitions that help ensure compliance with various standards and regulations. These policies can be assigned to your SQL resources to automatically audit and enforce compliance requirements.

Answer 153

A

The security baseline for Azure SQL is implemented using Azure Policy by applying the guidelines from the Microsoft Cloud Security Benchmark. This involves creating and assigning policies that ensure Azure SQL resources comply with best practices for security, such as access control, data protection, and threat management. Azure Policy helps automate compliance by continuously evaluating resources and providing insights and remediation steps for any deviations from the established security baseline.

Answer 154

A

Azure SQL Always Encrypted is crucial for data security because it ensures that sensitive data is encrypted on the client side before being stored in the database. This means that the data remains encrypted while at rest and in transit, and only authorized clients with the correct encryption keys can decrypt and access the data. This feature prevents unauthorized access, including by database administrators, thereby safeguarding confidential information such as social security numbers and credit card details.

Answer 155

A

Azure Always Encrypted with secure enclaves enhances data security by allowing computations on sensitive data while it remains encrypted. Secure enclaves are isolated, hardware-protected memory regions that enable this process, ensuring that data is not exposed during query execution. This feature provides an additional layer of security, minimizing the risk of data exposure even to administrators with elevated privileges.

Answer 156

A

Data Discovery & Classification in Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics offers tools to identify, categorize, label, and report sensitive data within your databases.

Answer 157

A

Transparent Data Encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics by encrypting data at rest, safeguarding against malicious offline activities. It automatically encrypts and decrypts the database, associated backups, and transaction log files in real-time without requiring any changes to the application. By default, TDE is enabled for all newly deployed Azure SQL Databases. For Azure SQL Managed Instance, TDE is enabled at the instance level for newly created databases. In Azure Synapse Analytics, TDE must be manually enabled.

Answer 158

A

Yes, you can use your own key, known as a customer-managed key, for implementing Transparent Data Encryption (TDE) in Azure SQL Database or SQL Managed Instance. This allows you to have greater control over the encryption keys used to protect your data.

Answer 159

A

An Always On availability group in the context of Azure SQL on a virtual machine (VM) is a high availability and disaster recovery solution that allows you to group one or more databases for replication. It supports up to eight secondary replicas for each primary database, providing redundancy and failover capabilities. This setup ensures that your databases remain available and protected against failures, serving as an alternative to database mirroring.

Answer 160

A

No, you cannot write to the secondary databases in an Always On Availability Group when using Azure SQL on a VM. The secondary databases are read-only.

Answer 161

A

Yes, secondary databases in an Always On Availability Group can be configured for read access. This allows you to offload read-only workloads to the secondary replicas, improving performance and availability.

Answer 162

A

No, a secondary database in an Always On Availability Group is not considered a backup. It is a replica used for high availability and disaster recovery, but it does not replace the need for regular backups. In a disaster scenario, issues affecting the primary database could also impact the secondary database, so maintaining separate backups is essential.

Answer 163

A

Always Encrypted is a feature in SQL databases that ensures sensitive data is encrypted both at rest and in transit. It works by using client-side encryption keys to encrypt data before it is stored in the database. The encryption and decryption processes occur on the client side, meaning that the database server never has access to the encryption keys or the unencrypted data. This ensures that sensitive information remains protected even if the database is compromised.

Answer 164

A

The database data for an Azure SQL Managed Instance is stored on Azure Premium Disk Storage.

Answer 165

A

When using Transparent Data Encryption (TDE) in Azure, the key type options available are:

Azure Managed Keys: These are encryption keys managed by Azure, which simplifies the management process as Azure handles key rotation and security.
Customer Managed Keys: These allow customers to manage their own encryption keys using Azure Key Vault, providing greater control over key rotation, access policies, and auditing.

Answer 166

A

The database data for Azure SQL Managed Instance is stored using Geo-Redundant Storage (GRS).

Answer 167

A

Transparent Data Encryption (TDE) encrypts the entire database, including data and log files, at rest. It is designed to protect data by performing real-time I/O encryption and decryption of the database, backups, and transaction log files without requiring changes to applications.

Always Encrypted, on the other hand, is designed to protect sensitive data, such as credit card numbers or social security numbers, by encrypting it on the client side before it is sent to the database. This ensures that the data remains encrypted not only at rest but also in transit and during processing, with the encryption keys managed by the client application.

Answer 168

A

Yes, in Azure SQL Database, administrators with the necessary permissions, such as the SQL Server admin or members of the db_owner role, can see unmasked data even if dynamic data masking is applied. Dynamic data masking is designed to limit access to sensitive information for non-privileged users by hiding it in query results. However, it does not prevent administrators or users with elevated privileges from viewing the full data.

Answer 169

A

Dynamic Data Masking in Azure SQL Database limits access to sensitive data by automatically masking it at the database level. This feature provides obfuscated data to users who do not have the necessary permissions, while allowing users with the appropriate permissions to view the data in its original form.

Answer 170

A

Dynamic Data Masking in Azure SQL Database provides real-time obfuscation of query results by masking sensitive data based on user roles and permissions. This ensures that the actual data stored in the database remains unchanged and secure.

Answer 171

A

The key types of data masking provided by Azure SQL Database Dynamic Data Masking are:

Default Masking: Masks the entire value with a default mask, such as replacing characters with ‘X’ or numbers with ‘0’.
Email Masking: Masks email addresses by exposing only the first letter and the domain, such as “aXXX@domain.com”.
Random Masking: Masks numeric values by replacing them with a random number within a specified range.
Custom String Masking: Masks data using a custom pattern, allowing you to specify which parts of the data to expose and which to mask, such as “XXXX-XX-1234”.

Answer 172

A

Yes, administrators can customize Azure SQL Database Dynamic Data Masking to allow specific user roles access to unmasked data. This is done by granting the “UNMASK” permission to those roles, providing greater control over who can view sensitive information.

Answer 173

A

To enable Dynamic Data Masking in Azure SQL Database, follow these steps:

Azure Portal:
- Navigate to your Azure SQL Database in the Azure portal.
- Under the “Security” section, select “Dynamic Data Masking.”
- Click on “Add Mask” to configure masking rules for sensitive columns.
- Choose the columns you want to mask and select the appropriate masking type (e.g., Default, Email, Custom String, or Random Number).
PowerShell:
- Use the Set-AzSqlDatabaseDataMaskingPolicy cmdlet to enable Dynamic Data Masking.
- Define masking rules using the New-AzSqlDatabaseDataMaskingRule cmdlet for each sensitive column.
T-SQL Commands:
- Connect to your database using a tool like SQL Server Management Studio (SSMS).
- Use the ALTER TABLE statement to add masking rules. For example:
```
sql
ALTER TABLE [TableName] ALTER COLUMN [ColumnName] ADD MASKED WITH (FUNCTION = 'maskingFunction');
```
- Replace maskingFunction with the desired masking function, such as default(), email(), partial(), or random().

Ensure that you have the necessary permissions to configure Dynamic Data Masking and that you carefully select the columns and masking types to protect sensitive data effectively.

Answer 174

A

vCore-Based Purchasing Model: This model offers flexibility by allowing you to select the number of virtual cores (vCores), memory, and storage independently, aligning resources with your specific workload needs. The vCore-based model includes the following service tiers:
- General Purpose: Designed for most business workloads, offering balanced and scalable compute and storage options at an affordable price point.
- Business Critical: Tailored for applications requiring low-latency responses and high resilience to failures, utilizing high-performance local SSD storage.
- Hyperscale: Ideal for applications with highly scalable storage and read-scale requirements, supporting rapid scaling up to 100 TB of storage.
Within the vCore-based model, you can choose between two compute tiers:
- Provisioned Compute: Resources are allocated continuously, suitable for workloads with consistent usage patterns.
- Serverless Compute: Resources auto-scale based on workload demand, optimizing cost for intermittent or unpredictable usage patterns.
DTU-Based Purchasing Model: The Database Transaction Unit (DTU) model offers pre-configured bundles of compute, storage, and I/O resources, simplifying the selection process for common workloads. The DTU-based model includes the following service tiers:
- Basic: Suitable for small databases with light workloads, providing up to 5 DTUs and 2 GB of storage.
- Standard: Designed for moderate workloads, offering a range of DTUs (from 10 to 3,000) and up to 1 TB of storage.
- Premium: Intended for high-performance workloads, providing between 125 and 4,000 DTUs and up to 4 TB of storage.

Answer 175

A

vCore-Based Purchasing Model:

General Purpose Tier:
- Max vCores: 80
- Max Storage: 4 TB
- Max Concurrent Workers: 1,600
- Max Concurrent Sessions: 32,767

Business Critical Tier:
- Max vCores: 80
- Max Storage: 16 TB
- Max Concurrent Workers: 1,600
- Max Concurrent Sessions: 32,767

Hyperscale Tier:
- Max vCores: 80
- Max Storage: 100 TB
- Max Concurrent Workers: 1,600
- Max Concurrent Sessions: 32,767

Answer 176

A

Azure SQL Database does not support the creation or execution of user-defined Common Language Runtime (CLR) assemblies. Although the clr enabled configuration option exists and is set to 1 by default, it is intended for internal functionalities that use CLR and does not allow user-defined CLR integration.

For scenarios that require CLR integration, Azure SQL Managed Instance supports CLR assemblies, enabling you to create stored procedures, triggers, user-defined functions, user-defined types, and user-defined aggregates using managed code.

If you are migrating an application that uses CLR assemblies to Azure SQL Database, you will need to refactor the application to eliminate CLR dependencies or consider using other Azure services that support CLR integration.

Answer 177

A

No, Azure SQL Database on a Virtual Machine (VM) does not support the Common Language Runtime (CLR). CLR integration is available in SQL Server instances running on Azure VMs, but not in the Azure SQL Database managed service.

Answer 178

A

Yes, Azure SQL Managed Instance supports Common Language Runtime (CLR) integration. This allows you to create and execute user-defined CLR assemblies, including stored procedures, triggers, user-defined functions, user-defined types, and user-defined aggregates in managed code.

To enable CLR integration in Azure SQL Managed Instance, you need to set the clr enabled option to 1 using the sp_configure stored procedure. Here is how you can do it:

```sql
EXEC sp_configure ‘clr enabled’, 1;
RECONFIGURE;
~~~

Make sure you have the necessary permissions to execute these commands.

Answer 179

A

No

In Azure SQL Database, In-Memory OLTP is not available in the General Purpose or Standard service tiers. This feature is supported in the Premium (DTU) and Business Critical (vCore) service tiers. The Hyperscale service tier supports some In-Memory OLTP objects but does not include memory-optimized tables.

If your workload requires In-Memory OLTP capabilities, consider using the Premium or Business Critical service tiers. These tiers are optimized for high-performance transaction processing workloads and provide the necessary support for In-Memory OLTP features.

Answer 180

A

The read scale-out feature is unavailable in Azure SQL Database’s General Purpose service tier. This feature, which allows offloading read-only workloads to secondary replicas, is available only in the Premium, Business Critical, and Hyperscale service tiers. Therefore, you cannot scale out read nodes in the General Purpose tier.

For scenarios requiring read scale-out capabilities, consider upgrading to one of the supported service tiers:

Premium/Business Critical: These tiers provide high availability with multiple replicas and support read scale-out by redirecting read-only queries to secondary replicas.
Hyperscale: This tier offers rapid scale-out by provisioning additional read replicas as needed, supporting up to four high-availability replicas and up to 30 named replicas for read workloads.

By selecting an appropriate service tier, you can effectively manage and scale your read workloads in Azure SQL Database.

Answer 181

A

To maintain high availability during a regional outage, Azure SQL Database in the General Purpose tier requires additional disaster recovery strategies beyond its default configuration. Here are the recommended options:

Active Geo-Replication: This feature allows you to create continuously synchronized readable secondary databases in different regions. In the event of a regional outage, you can manually fail over to a secondary database to maintain availability.
Auto-Failover Groups: This feature enables automatic failover of multiple databases to a secondary region. It provides consistent read-write and read-only listener endpoints, which remain unchanged during failover, simplifying application connectivity.

By implementing these strategies, you can ensure that your Azure SQL Database remains highly available even during regional outages.

Answer 182

A

Azure SQL Database’s Business Critical service tier provides high availability within a single region by maintaining multiple replicas of your database. However, this setup alone does not guarantee availability during a regional outage. To ensure resilience against regional failures, it is advisable to implement disaster recovery strategies like active geo-replication or failover groups. These strategies replicate your database to a secondary region, allowing for quick recovery and continuity of service during regional disruptions.

Answer 183

A

The recommended solution is B: Set up SQL Server Always On availability groups with a secondary replica in a different Azure region.

SQL Server Always On availability groups are optimized for maintaining near real-time data replication, which aligns well with the requirements of a 5-minute RPO and a 10-minute RTO. They provide application-level consistency and ensure transactional integrity, which is crucial for databases with strict recovery objectives. While Azure Site Recovery can replicate entire virtual machines, it may not consistently meet the 5-minute RPO for high-transactional databases and lacks application-level awareness. Additionally, Always On availability groups focus on replicating only the data changes, making them a more cost-effective and efficient solution for SQL Server disaster recovery compared to replicating the entire VM state.

Answer 184

A

The Always On feature in SQL Server on an Azure virtual machine (VM) is a high-availability and disaster recovery solution that enhances the reliability and resilience of SQL databases. It utilizes Availability Groups or Failover Cluster Instances to provide redundancy and failover support.

Here’s a detailed explanation:

Always On Availability Groups (AG): This feature allows you to group multiple databases and synchronize them across different SQL Server instances on separate VMs. Each Availability Group consists of a primary replica and multiple secondary replicas, offering:

High Availability: Automatic failover to a secondary replica if the primary fails.
Disaster Recovery: Deployment of replicas across different regions or zones for enhanced resilience.
Read Scale-Out: Offloading read-only queries to secondary replicas to improve performance.

Always On Failover Cluster Instances (FCI): This feature uses shared storage across multiple nodes in a failover cluster. It ensures SQL Server availability by failing over to another VM if the primary instance fails. FCI often utilizes Azure Premium File Shares or Azure Shared Disks for storage, enabling failover without the need for data replication.

Load Balancer: In Azure VMs, an Azure Load Balancer can be configured to direct traffic to the active SQL instance, particularly during failovers, ensuring seamless connectivity.

Benefits of Always On in Azure VMs:

Enhanced Availability: Increases uptime and resilience for mission-critical databases.
Geo-Disaster Recovery: Supports scenarios with geographically distributed replicas for improved disaster recovery.
Cost Optimization: Allows running active replicas in less expensive regions while maintaining failover capabilities.

In summary, SQL Always On for Azure VMs is an ideal solution for applications requiring high uptime and disaster recovery, offering flexibility in managing costs and resources across different regions.

Answer 185

A

For a large-scale Oracle database migration that requires high-performance OLTP workloads with automatic failover to a secondary region, the Business Critical service tier in Azure SQL Database is the recommended choice. Here’s why:

High Performance: The Business Critical tier provides high IOPS and low-latency I/O, essential for handling high-performance OLTP (Online Transaction Processing) workloads.
Automatic Failover: This tier offers geo-replication capabilities, enabling a secondary replica in a different region. In the event of a disaster, failover to this secondary region is automatic, ensuring robust disaster recovery.
High Availability and Redundancy: It uses a Premium Availability model with multiple replicas and automatic failover, providing built-in high availability within the primary region, enhancing reliability and durability for mission-critical applications.
Read Scale-Out: The Business Critical tier supports read scale-out to additional replicas, allowing you to offload read operations, which optimizes performance.

Answer 186

A

Azure SQL Database, as a fully managed Platform as a Service (PaaS) offering, provides high availability and disaster recovery features without requiring the Always On feature used in SQL Server on virtual machines. By default, Azure SQL Database ensures availability through local redundancy, keeping your database accessible during maintenance operations and local hardware failures.

For enhanced resilience, Azure SQL Database offers zone-redundant configurations, which protect against datacenter-level failures by replicating data across multiple availability zones within a region. This setup provides higher availability and fault tolerance compared to traditional Always On configurations.

In summary, Azure SQL Database does not use the Always On feature as implemented in SQL Server on VMs, but it delivers equivalent or superior high availability and disaster recovery capabilities through its built-in redundancy options.