ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-100 All Questions

View all questions & answers for the AZ-100 exam
Go to Exam

Exam AZ-100 topic 2 question 5 discussion

Actual exam question from Microsoft's AZ-100
Question #: 5
Topic #: 2
[All AZ-100 Questions]

You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of
131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
✑ Ensure that you can upload the disk files to account1.
✑ Ensure that you can attach the disks to VM1.
✑ Prevent all other access to account1.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
  • B. From the Firewalls and virtual networks blade of account1, select Selected networks.
  • C. From the Firewalls and virtual networks blade of acount1, add VNet1.
  • D. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
  • E. From the Service endpoints blade of VNet1, add a service endpoint.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
B: By default, storage accounts accept connections from clients on any network. To limit access to selected networks, you must first change the default action.

Azure portal -
1. Navigate to the storage account you want to secure.
2. Click on the settings menu called Firewalls and virtual networks.
3. To deny access by default, choose to allow access from 'Selected networks'. To allow traffic from all networks, choose to allow access from 'All networks'.
4. Click Save to apply your changes.
E: Grant access from a Virtual Network
Storage accounts can be configured to allow access only from specific Azure Virtual Networks.
By enabling a Service Endpoint for Azure Storage within the Virtual Network, traffic is ensured an optimal route to the Azure Storage service. The identities of the virtual network and the subnet are also transmitted with each request.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
by needtopassexam at July 31, 2020, 4:39 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
needtopassexam
4 years, 10 months ago
To Upload files to account01 you need A right?
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel