ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 6 question 24 discussion

Actual exam question from Microsoft's AZ-500
Question #: 24
Topic #: 6
[All AZ-500 Questions]

DRAG DROP
-

You have an Azure subscription that contains the resources shown in the following table.



You need to configure network connectivity to meet the following requirements:

• Communication from VM1 to storage1 must traverse an optimized Microsoft backbone network.
• All the outbound traffic from VM1 to the internet must be denied.
• The solution must minimize costs and administrative effort.

What should you configure for VNet1 and NSG1? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by elster at March 28, 2024, 2:34 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
elster
Highly Voted 1 year, 3 months ago
VNet1: service endpoint NSG1: service tag (Internet) within a deny inbound rule
upvoted 9 times
Hot_156
3 months, 3 weeks ago
WRONG!!!!!!! VNet1 - Private-endpoint - It is expensive than the service-endpoint, true! BUT! This is not cross-regional. It won't work! NSG1 - Service tag.
upvoted 2 times
tomchan2417
1 week ago
ever heard of this? https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=azure-portal#azure-storage-cross-region-service-endpoints
upvoted 1 times
...
...
jorgesoma
12 months ago
within a deny OUTBOUND rule
upvoted 3 times
...
...
Inkster
Most Recent 2 months, 1 week ago
For question 1: Azure service endpoints are designed to provide secure and direct connectivity to Azure services over the Azure backbone network. However, they are not intended for cross-region connectivity. This means that if you have a virtual network (VNet) in East US and a storage account in West US, you cannot use a service endpoint to connect them directly. using a private endpoint would be a suitable solution for your scenario. Private endpoints allow you to securely connect to Azure services over a private IP address within your virtual network, regardless of the region
upvoted 1 times
...
ITFranz
1 year, 2 months ago
The answer can be found here. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview Pricing and limits There's no extra charge for using service endpoints. The current pricing model for Azure services (Azure Storage, Azure SQL Database, etc.) applies as-is today. There's no limit on the total number of service endpoints in a virtual network. Certain Azure services, such as Azure Storage Accounts, may enforce limits on the number of subnets used for securing the resource. Refer to the documentation for various services in the Next steps section for details. https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/security/security-service-tags An Azure service tag represents a group of IP addresses from/to which traffic from a specific service may come, which allows you to set up firewalls for a specific service to allow only traffic from certain services. Answer = VNET = Service Endpoint NSG = Service Tag
upvoted 3 times
...
Pamban
1 year, 2 months ago
2nd answer is wrong. It should be service tag. NSG: Service Tag Nsg and route table are 2 different things
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel