Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Your company has an Azure SQL Database named db1 in the East US region. You need to ensure that developers on the corporate network can connect to db1 through the existing site-to-site VPN without exposing the database to the public internet. The solution must use only private IP addressing and minimize changes to routing. What should you configure?

  • Create a Private Endpoint for db1 in the virtual network that is connected by the VPN, and link a private DNS zone to that network.

  • Enable a virtual network service endpoint for Microsoft.Sql on the subnet that contains the VPN gateway.

  • Deploy an Azure Front Door instance with Web Application Firewall in front of db1.

  • Configure IP firewall rules on db1 to allow the on-premises public IP address space.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot