Exam AZ-104 topic 5 question 93 discussion

Actual exam question from Microsoft's AZ-104
Question #: 93
Topic #: 5

HOTSPOT -

You have an Azure subscription that contains the virtual machines shown in the following table.



The subscription contains a storage account named contoso2024 as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Suggested Answer:

Comments

69b9d7c
Highly Voted 10 months, 1 week ago
YYN, VM1 is connected to VNet1/Subnet1, and its public IP is listed in the firewall rules, so it can connect. (YES) VM2 is connected to VNet1/Subnet2 (different subnet), but its public IP (150.120.10.10) is listed in the firewall rules, so it can still connect. (YES) VM3 is also connected to VNet1/Subnet1, and its public IP is listed in the firewall rules, so it can connect. (Note that third statement says "must", so, the better answer is NO)
upvoted 18 times
d6f865d
7 months, 2 weeks ago
YNN. "Enabled from selected virtual networks" means you can get to the storage account using the public IP; for a private IP you need an endpoint configured. Subnet1 is selected and its IP is in the firewall table, so the first one is yes. VM2 is not included, so even though its public IP is in the firewall table it can't be used, so no. VM3 can only use the public IP since a private endpoint is not configured, so no.
upvoted 2 times
...
ozansenturk
6 months, 1 week ago
YYN.
Virtual Network Rules: These control access to the storage account based on the virtual network and subnet configurations. When a subnet is allowed, all resources in that subnet can access the storage account via private endpoints or the virtual network.
Firewall Rules: These allow or deny access to the storage account based on public IP addresses or IP ranges. If you explicitly allow a public IP address in the firewall rules, it bypasses the virtual network restrictions.
upvoted 2 times
...
itismadu
9 months, 3 weeks ago
I agree, I think YYN is correct. They can all use their public IP to connect. Notice that there is even a suggestion to add the IP you are using to access the Azure portal (client IP). So the subnet is for private IPs while the firewall is for public IPs. The 3rd is no because it says "must".
upvoted 2 times
...
...
vavra
Most Recent 4 days, 20 hours ago
NYY. VM1's subnet is enlisted in the storage account firewall, so it will actually use its private IP. The standard meaning of 'can' in Azure certification tests is 'will do'. Therefore N; in the diagnostics log attached to a SA we could see VM1's private IP. I can imagine a scenario where I'd change hosts and the OS route table on VM1 to force use of the public IP of VM1, but I don't think that's intended. Bad wording ... Y - VM2's subnet2 is not in the storage account firewall, so it'll go over the public internet. Y - Same situation as VM1 but the opposite question, and bad wording. If we understand 'must' as 'will do', then it's what will actually happen.
upvoted 1 times
...
adanit2011
4 months, 2 weeks ago
The correct answer is N,N,Y VM1 can connect to contoso2024 by using 131.107.10.10 (No): When using service endpoints, internal Azure resources such as virtual machines should have their subnet allowed and use their private IP to access the resource. Since VM1 is within VNET1/Subnet1, it should not use its public IP to access the resource. VM2 can connect to contoso2024 by using 150.120.10.10 (No): As previously mentioned, internal Azure resources should use the Virtual Network IP to access resources with the service endpoint enabled. Public IP access is restricted to virtual machines outside of Azure, and in this case, subnet2 is also not allowed. VM3 must use its Private IP address to connect to contoso2024 (Yes): As explained earlier, with contoso2024 using service endpoints, you need to have a link with the allowed VNET/SUBNET and use the private IP to access the resource.
upvoted 1 times
...
Sickcnt
10 months ago
Cloud network architect here, YYN. Answer 3: if you add a VNet and subnets, every VM in that subnet can reach the storage account over its public IP. However, without a private endpoint, the VMs won't be able to access the storage account via a private IP; they'd still go through the public internet.
upvoted 3 times
...
HamedB
10 months, 2 weeks ago
VM1 and VM3 must use their private IP to access the storage account. NYY
upvoted 3 times
12Micha
10 months, 1 week ago
Because it says endpoint status enabled on subnet1 likely. Agreed NYY
upvoted 2 times
KR_Bala
7 months, 1 week ago
Yes, Azure will prefer to use private IPs to connect with the storage account, as described at the link below. "Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service Endpoints enables private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet." https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 1 times
...
...
...
FatFatSam
10 months, 3 weeks ago
I think Yes, Yes, No. VM3 is in the same situation as VM1.
upvoted 2 times
...
Henrytml
10 months, 4 weeks ago
Yes,Yes,Yes
upvoted 4 times
...