Free Microsoft DP-300 Practice Exam with Questions & Answers | Set: 7

SQL injection attacks are a type of cyberattack that exploit a vulnerability in the application code that interacts with the database.  An attacker can inject malicious SQL statements into the user input, such as a form field or a URL parameter, and execute them on the databas e server, resulting in data theft, corruption, or unauthorized access 1 .

To protect all the databases on sql37006S95 from SQL injection atta cks, you need to follow some best practices for securing your application and database layers. Here are some of the recommended steps:

Use parameterized queries or stored procedures to separate the SQL code from the user input.  This will prevent the user input from being interpreted as part of the SQL statement and avoid SQL injection 2 3 .

Validate and sanitize the user input before passing it to the database.  This will ensure that the input conforms to the expected format and type, and remove any potentia lly harmful characters or keywords 4 .

Implement least privilege access for the database users and roles.  This will limit the permissions and actions that the application can perform on the database, and reduce the impact of a successful SQL injection attack 5 .

Enable Advanced Threat Protection for Azure SQL Database. This is a feature that detects and alerts you of anomalous activities and potential threats on yo ur database, such as SQL injection, brute force attacks, or unusual access patterns. You can configure the alert settings and notifications using the Azure portal or PowerShell.

These are some of the steps to protect all the databases on sql37006S95 from S QL injection attacks.

To ensure that all queries executed against dbl are captured in the Query Store, you need to enable the Query Store feature for the database and set the query capture mode to ALL.  The Query Store feature provides you with insight on query plan choice and performance for Azure SQL Database 1 .  The query capture mode controls whether all queries or only a subset of quer ies are tracked 2 .

Here are the steps to enable the Query Store and set the query capture mode to ALL for the database dbl:

Using the Azure portal:

Go to the Azure portal and select your Azure SQL Database server.

Select the database dbl and click on Query Performance Insight in the left menu.

Click on Configure Query Store and turn on the Query Store switch.

In the Query Capture Mode dropdown, select All and click on Save.

Using Transact-SQL statements:

Connect to the Azure SQL Database server and the database dbl using SQL Server Management Studio or Azure Data Studio.

Run the following command to enable the Query Store f or the database:  ALTER DATABASE dbl SET QUERY_STORE = ON;

Run the following command to set the query capture mode to ALL for the database:  ALTER DATABASE dbl SET QUERY_STORE (QUERY_CAPTURE_MODE = ALL);

These are the steps to ensure that all queries execute d against dbl are captured in the Query Store.

To configure sq1370O6895 to support the creation of new database users from Azure AD identities, you need to do the following steps:

Set up a Microsoft Entra tenant and associate it with your Azure subscription.  You can use the Microsoft Entra portal or the Azure portal to create and manage your Microsoft Entra users and groups 1 2 .

Configure a Microsoft Entra admin for sq1370O6895.  You can use the Azure portal or the Azure CLI to set a Microsoft Entra user as the ad min for the server 3 4 .  The Microsoft Entra admin can create other database users from Microsoft Entra identities 5 .

Connect to db1 using the Microsoft Entra admin account and run the following Transact-SQL statement to create a new database user from a Microsoft Entra identity:  CREATE USER [Microsoft Entra user name] FROM EXTERNAL PROVIDER; 6  You can replace the Microsoft Entra user name with the name of the user or group that you want to create in the database.

Grant the appropriate permissions to the new database user by adding them to a database role or granting them specific privileges. For example, you can run the following Transact-SQL statement to add the new user to the db_datareader role:  ALTER ROLE db_datareader ADD MEMBER [Microsoft Entra user name];

These are the steps to configure sq1370O6895 to support the creation of new database users from Azure AD identities.