ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 3 question 9 discussion

Actual exam question from Microsoft's AZ-500
Question #: 9
Topic #: 3
[All AZ-500 Questions]

HOTSPOT -
You create resources in an Azure subscription as shown in the following table.

VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.
Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Yes -
Access from Subnet1 is allowed.

Box 2: No -
No access from Subnet2 is allowed.

Box 3: Yes -
Access from IP address 193.77.10.2 is allowed.
by gcpbrig01 at March 14, 2021, 4:51 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
JohnYinToronto
Highly Voted 4 years, 3 months ago
answers correct
upvoted 39 times
...
poplovic
Highly Voted 3 years, 10 months ago
VirtualNetRule allows subnet1. IpRules allow 193.77.0.0/16. default action is deny. Therefore, Subnet1 yes, Subnet2 no, 193.77.0.2 yes (in the 193.77.0.0./16) range, details in http://networkcalculator.ca/cidr-calculator.php Network = 193.77.0.0 Usable IPs = 193.77.0.1 to 193.77.255.254 for 65534 Broadcast = 193.77.255.255 Netmask = 255.255.0.0 Wildcard Mask = 0.0.255.255
upvoted 17 times
...
hogehogehoge
Most Recent 1 year, 9 months ago
I think Box3 is No. Because Default action is Deny.
upvoted 1 times
pentium75
11 months, 2 weeks ago
But "default action" is applied only when no rule is matched. Here the client's IP does match the "allowed networks" rule.
upvoted 1 times
...
...
heatfan900
1 year, 10 months ago
Y, N, Y Subnet1 is allowed to access the SA internally. Subnet2 is NOT allowed to access the SA internally. Connecting from THE 193.77/16 public network allows access to the SA.
upvoted 2 times
...
Self_Study
1 year, 11 months ago
On exam 7/8/23. Answers are correct.
upvoted 4 times
...
majstor86
2 years, 4 months ago
YES NO YES
upvoted 4 times
...
ligu
2 years, 4 months ago
Answers are correct
upvoted 1 times
...
Sweet_co
2 years, 11 months ago
In exam: 20-7-2022
upvoted 8 times
...
NinjaSchoolProfessor
2 years, 12 months ago
In exam 15-July-2022
upvoted 6 times
...
acexyz
3 years ago
# IN EXAM - 30/6/2022
upvoted 4 times
...
alou333
3 years, 1 month ago
# IN EXAM - 3rd june 2022 (online). Lot of new questions. Good luck !
upvoted 4 times
bbcc
3 years ago
@alou333 Is there simulations in the online exam?
upvoted 1 times
...
...
adamsca
3 years, 7 months ago
# Exam Question 12/10/2021
upvoted 5 times
...
Jco
3 years, 9 months ago
#exam question # 29 Sep
upvoted 3 times
...
francis6170
3 years, 9 months ago
Got this in the AZ-500 exam (Sept 2021)! A: Y,N,Y
upvoted 4 times
JChris
3 years, 9 months ago
Hello francis, was there any simulation question? Thanks in advance for your response.
upvoted 1 times
draddo9
3 years, 9 months ago
Hi JChris! I will answer coz I had exam 3 days ago also. There were not any simulation questions. First 3-5 question were the case question (big amount of text, describing company, resources in Azure and ideas and things to create in future by company). I hope it helps :)
upvoted 8 times
...
...
...
Triones
4 years ago
can someone explain why the first rule deny didn't take effect? is it overwrite?
upvoted 2 times
Jacquesvz
3 years, 12 months ago
the "first rule" you are referring to means what is the default action to allow access. It's set to deny, which is correct, as you would explicitly deny access and then either grant access to a vnet or ip address, like the example shows. The given answers are correct.
upvoted 7 times
...
LeeMyungjin
2 years, 2 months ago
"By default, storage accounts accept connections from clients on any network. You can limit access to selected networks or prevent traffic from all networks and permit access only through a private endpoint. You must set the default rule to deny, or network rules have no effect. However, changing this setting can affect your application's ability to connect to Azure Storage. Be sure to grant access to any allowed networks or set up access through a private endpoint before you change this setting." Source: https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal
upvoted 1 times
...
...
kubikula
4 years, 2 months ago
Would be someone so kind to justify with the ip subnet calculation to justify how 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24 are allowed into that range? Thanks in advance. Jacobo
upvoted 2 times
DCarma
4 years ago
Not sure what you mean... the 3rd command shows that Subnet1 is allowed. The range of Subnet1 is 10.0.0.0/24 (10.0.0.0 - 10.0.0.255). Subnet2 10.1.1.0/24 (10.1.1.0 - 10.1.1.255) is not allowed anywhere so the answer is no. Finally, range 193.77.0.0/16 (193.77.0.0 - 193.77.255.255) is allowed, so 193.77.10.2 would be allowed as it is within this range. Hope that helps?
upvoted 8 times
...
...
Cyberbug2021
4 years, 2 months ago
YES - NO - YES
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel