ExpertHard1 markMultiple Choice
AZ-305 · Question 39 · Domain 4.1: Compute Solutions
A financial application is hosted on Azure App Service (Premium V3 plan).
The architecture has the following strict security and operational requirements:
- The App Service must securely access a backend Azure SQL Database over a private IP address.
- The App Service itself must only be accessible from the corporate on-premises network (via ExpressRoute); all public internet access must be blocked.
- Deployments of new application versions must result in zero downtime.
Which THREE features must you configure to meet these requirements? (Select THREE)
A financial application is hosted on Azure App Service (Premium V3 plan).
The architecture has the following strict security and operational requirements:
- The App Service must securely access a backend Azure SQL Database over a private IP address.
- The App Service itself must only be accessible from the corporate on-premises network (via ExpressRoute); all public internet access must be blocked.
- Deployments of new application versions must result in zero downtime.
Which THREE features must you configure to meet these requirements? (Select THREE)
Answer options:
A.
VNet Integration
B.
Private Endpoint
C.
Deployment Slots
D.
Service Endpoints
E.
Azure Front Door
F.
App Service Environment (ASE)
How to approach this question
Map requirements to features: Outbound to VNet = VNet Integration. Inbound from VNet = Private Endpoint. Zero downtime = Deployment Slots.
Full Answer
VNet Integration, Private Endpoint, Deployment Slots
To meet the requirements: 1) VNet Integration is required for the App Service to route outbound traffic into the VNet to reach the SQL database. 2) A Private Endpoint is required to give the App Service a private IP for inbound traffic from the ExpressRoute, effectively blocking public internet access. 3) Deployment Slots are the App Service feature used to stage deployments and perform a VIP swap for zero-downtime releases.
Common mistakes
Confusing VNet Integration (outbound) with Private Endpoints (inbound). Both are required for full two-way private connectivity.
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 3
55 questions · hints · full answers · grading
More questions from this exam
Q01Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They cur...MediumQ02Fabrikam Inc. is a Managed Service Provider (MSP) managing Azure environments for 50 different en...HardQ03A financial institution generates 5 TB of telemetry and audit logs daily across its Azure environ...MediumQ04A retail company has recently migrated several workloads to Azure. The IT Director wants a centra...EasyQ05A healthcare organization with 10,000 employees uses on-premises Active Directory. They are migra...Hard