You create an Azure SQL server with a firewall rule allowing IP range 192.168.1.0 to 192.168.1.255. A client with IP 192.168.2.10 tries to connect. What happens?
Firewall rules restrict access by IP address ranges.
Azure SQL firewall rules allow or block client IP addresses. Only IPs within the allowed range can connect. 192.168.2.10 is outside the allowed range, so connection is blocked.
Which Azure CLI command correctly creates a firewall rule named 'AllowOffice' for IP 203.0.113.5 on an Azure SQL server named 'myserver' in resource group 'mygroup'?
Check Azure CLI syntax for creating firewall rules on SQL servers.
The correct command uses 'az sql server firewall-rule create' with parameters for resource group, server, rule name, and start/end IP addresses.
What is the security impact of enabling the 'Allow Azure services and resources to access this server' option in Azure SQL firewall?
Think about what 'Allow Azure services' means for network access scope.
Enabling this option allows all Azure services, regardless of subscription or resource group, to access the server. This broadens access and can increase risk if not managed carefully.
You have an on-premises network with dynamic IP addresses connecting to Azure SQL. Which approach best secures access while allowing connectivity?
Consider secure network connectivity options between on-premises and Azure.
Using VPN or ExpressRoute provides a fixed IP or range for on-premises traffic, allowing firewall rules to be precise and secure. Dynamic IPs are hard to manage manually.
You want to follow the least privilege principle for Azure SQL firewall rules. Which practice is best?
Least privilege means granting only the access needed, no more.
Small IP ranges limit exposure. Removing unused rules reduces attack surface. Broad ranges or enabling all Azure services without control increases risk.