AZ-500
The Database Wide Open
Defender for Cloud just fired a critical alert: "Azure SQL database accessible from the internet." Further investigation reveals: your production SQL database (prod-sqlserver-01) has a public endpoint enabled, the SQL server firewall has "Allow Azure Services" enabled AND a custom rule allowing 0.0.0.0 to 255.255.255.255 (all IPs). Defender for Cloud also flags that an Azure Storage account used by the SQL server for backups has no private endpoint and is accessible from all networks. Additionally, a penetration test report from last month — which nobody actioned — noted that the VMs connecting to the SQL database use the public internet rather than a private channel.
STEP 1 OF 5 — FREE PREVIEW
The SQL server firewall rule allowing 0.0.0.0 to 255.255.255.255 is an immediate critical exposure. What is the fastest action to contain this without taking the application offline, and what is the minimum-access firewall rule set you would replace it with?
🔒
Steps 2–5 require purchase
One-time purchase — lifetime access to all 5 AZ-500 labs
Sign in to purchase