ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 93 discussion

Actual exam question from Microsoft's AZ-104
Question #: 93
Topic #: 5
[All AZ-104 Questions]

HOTSPOT -

You have an Azure subscription that contains the virtual machines shown in the following table.



The subscription contains a storage account named contoso2024 as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Show Suggested Answer Hide Answer
Suggested Answer:
by Henrytml at Aug. 21, 2024, 1:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
69b9d7c
Highly Voted 8 months, 3 weeks ago
YYN, VM1 is connected to VNet1/Subnet1, and its public IP is listed in the firewall rules, so it can connect. (YES) VM2 is connected to VNet1/Subnet2 (different subnet), but its public IP (150.120.10.10) is listed in the firewall rules, so it can still connect. (YES) VM3 is also connected to VNet1/Subnet1, and its public IP is listed in the firewall rules, so it can connect. (Note that third statement says "must", so, the better answer is NO)
upvoted 17 times
d6f865d
5 months, 3 weeks ago
YNN, The enabled from selected virtual networks means you can get to the storage account using the public IP, for private IP you need an endpoint configured. Subnet1 is selected and its IP is in the firewall table so the first one is yes VM2 is not included so even though its public IP is in the firewall table it can't be used so no VM3 can only use the public IP since private endpoint is not configured so no
upvoted 2 times
...
ozansenturk
4 months, 3 weeks ago
YYN Virtual Network Rules: These control access to the storage account based on the virtual network and subnet configurations. When a subnet is allowed, all resources in that subnet can access the storage account via private endpoints or the virtual network. Firewall Rules: These allow or deny access to the storage account based on public IP addresses or IP ranges. If you explicitly allow a public IP address in the firewall rules, it bypasses the virtual network restrictions.
upvoted 2 times
...
itismadu
8 months, 1 week ago
I agree I think YYN is correct They can all use their public IP to connect. notice that there even a suggestion to add the IP you are using to access the Azure portal (client IP) . So subnet is for private IPs while the firewall is for Public IPS . 3rd is no because it says Must
upvoted 2 times
...
...
[Removed]
Highly Voted 8 months ago
WRONG Yes Yes No ..
upvoted 5 times
...
adanit2011
Most Recent 3 months ago
The correct answer is N,N,Y VM1 can connect to contoso2024 by using 131.107.10.10 (No): When using service endpoints, internal Azure resources such as virtual machines should have their subnet allowed and use their private IP to access the resource. Since VM1 is within VNET1/Subnet1, it should not use its public IP to access the resource. VM2 can connect to contoso2024 by using 150.120.10.10 (No): As previously mentioned, internal Azure resources should use the Virtual Network IP to access resources with the service endpoint enabled. Public IP access is restricted to virtual machines outside of Azure, and in this case, subnet2 is also not allowed. VM3 must use its Private IP address to connect to contoso2024 (Yes): As explained earlier, with contoso2024 using service endpoints, you need to have a link with the allowed VNET/SUBNET and use the private IP to access the resource.
upvoted 1 times
...
Sickcnt
8 months, 2 weeks ago
Cloud network architect here, YYN Answer3: if you add a VNet and subnets, every VM in that subnet can reach the storage account over its public IP. However, without a private endpoint, the VMs won’t be able to access the storage account via a private IP; they’d still go through the public internet
upvoted 3 times
...
HamedB
9 months ago
VM1 and VM3 must use their private IP to access the storage account. NYY
upvoted 3 times
12Micha
8 months, 3 weeks ago
Because it says endpoint status enabled on subnet1 likely. Agreed NYY
upvoted 2 times
KR_Bala
5 months, 3 weeks ago
yes, azure will prefer to use private IPs to connect with storage account as described below on the given link. "Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service Endpoints enables private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet." https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 1 times
...
...
...
FatFatSam
9 months, 1 week ago
I think Yes, Yes, No. VM3 is at the same situation as VM1.
upvoted 2 times
...
Henrytml
9 months, 1 week ago
Yes,Yes,Yes
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel