You have an Azure virtual machine named VM1 on a virtual network named VNet1. Outbound traffic from VM1 to the internet is blocked. You have an Azure SQL database named SqlDb1 on a logical server named SqlSrv1.
You need to implement connectivity between VM1 and SqlDb1 to meet the following requirements:
– Ensure that all traffic to the public endpoint of SqlSrv1 is blocked.
– Minimize the possibility of VM1 exfiltrating data stored in SqlDb1.
What should you create on VNet1?
A . a VPN gateway
B . a service endpoint
C . a private link
D . an ExpressRoute gateway
Answer: C
Explanation:
Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.
Traffic between your virtual network and the service travels the Microsoft backbone network. Exposing your service to the public internet is no longer necessary.
Reference:
https://docs.microsoft.com/en-us/azure/private-link/private-link-overview