Basic Concept: This question tests high availability and disaster recovery design for Azure SQL, SQL Server on Azure VMs, and regional failure scenarios.
Why D is Correct: Configure connection strings that reference the read-write listener. is correct because it is the feature whose normal purpose matches the stated requirement. Configure connection strings that reference the read-write listener. is part of the availability or recovery design space, but the correct choice must satisfy the specified failover, restore, quorum, RPO, or RTO requirement. The scenario wording points to that specific behavior: You need to recommend which configuration to perform twice to enable access to the primary and secondary replicas of DB3.
Why A is Wrong: A service endpoint secures traffic to an Azure service over the Azure backbone but still targets the service public endpoint rather than giving it a private IP in the VNet. It is not wrong technology in general, but it is the wrong HA/DR control for this scenario ' s failure model.
Why B is Wrong: Database-level firewall rules restrict access to a specific Azure SQL database and are more granular than server-level firewall rules. It does not meet the failover, restore, quorum, or cross-region continuity target stated in the question, even if it is valid in a different availability design.
Why C is Wrong: Create database-scoped credentials. is part of the availability or recovery design space, but the correct choice must satisfy the specified failover, restore, quorum, RPO, or RTO requirement. It handles a different resilience pattern and would not deliver the failover or recovery behavior required here.
