Exam DP-201 topic 3 question 21 discussion

Actual exam question from Microsoft's DP-201
Question #: 21
Topic #: 3

You have an Azure subscription that contains an Azure virtual machine and an Azure Storage account. The virtual machine will access the storage account.
You are planning the security design for the storage account.
You need to ensure that only the virtual machine can access the storage account.
Which two actions should you include in the design? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Select Allow trusted Microsoft services to access this storage account.
  • B. Select Allow read access to storage logging from any network.
  • C. Enable a virtual network service endpoint.
  • D. Set the Allow access from setting to Selected networks.
Suggested Answer: AC
C: A virtual network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route on the Azure backbone network.
Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.
A: You must have "Allow trusted Microsoft services to access this storage account" turned on under the Azure Storage account's Firewalls and virtual networks settings menu.
Incorrect Answers:
D: Virtual network (VNet) service endpoint policies allow you to filter egress virtual network traffic to Azure Storage accounts over a service endpoint, and allow data exfiltration to only specific Azure Storage accounts. Endpoint policies provide granular access control for virtual network traffic to Azure Storage when connecting over a service endpoint.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
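
An added example, not part of the original page or of Microsoft's documentation: it maps the question's options A-D onto the ARM properties that store them (`networkAcls` on the storage account, `serviceEndpoints` on the subnet) and lists every source the firewall admits, so a design can be checked rather than argued. The function names and all resource IDs are constructed for illustration.

```python
# Added example: audit a storage account firewall against options A-D.
# Field names follow the ARM resource shape; IDs below are constructed samples.

SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-demo/"
             "subnets/vm-subnet")

def _bypass(acls):
    # "bypass" is a comma-separated string such as "Logging, Metrics, AzureServices".
    # ARM defaults it to "AzureServices" when the field is absent.
    raw = acls.get("bypass", "AzureServices")
    return {b.strip() for b in raw.split(",")} - {"None", ""}

def _default_action(acls):
    # ARM defaults defaultAction to "Allow" (portal: "All networks").
    return acls.get("defaultAction", "Allow")

def option_state(acls, subnet):
    """Report which of the question's options A-D are in effect."""
    endpoints = {e.get("service") for e in subnet.get("serviceEndpoints", [])}
    return {
        "A": "AzureServices" in _bypass(acls),    # trusted Microsoft services
        "B": "Logging" in _bypass(acls),          # logging readable from any network
        "C": "Microsoft.Storage" in endpoints,    # service endpoint on the VM's subnet
        "D": _default_action(acls) == "Deny",     # portal: "Selected networks"
    }

def open_paths(acls):
    """List every source the account firewall admits, as readable strings."""
    if _default_action(acls) != "Deny":
        # With Allow as the default, the rule lists do not restrict anything.
        return ["all networks (defaultAction=Allow)"]
    paths = [f"subnet {r['id']}" for r in acls.get("virtualNetworkRules", [])]
    paths += [f"ip {r['value']}" for r in acls.get("ipRules", [])]
    paths += [f"bypass {b}" for b in sorted(_bypass(acls))]
    return paths

# Constructed sample: options A, C and D enabled together.
SAMPLE_SUBNET = {"serviceEndpoints": [{"service": "Microsoft.Storage"}]}
SAMPLE_ACLS = {
    "defaultAction": "Deny",
    "bypass": "AzureServices",
    "virtualNetworkRules": [{"id": SUBNET_ID, "action": "Allow"}],
    "ipRules": [],
}

if __name__ == "__main__":
    print(option_state(SAMPLE_ACLS, SAMPLE_SUBNET))
    for path in open_paths(SAMPLE_ACLS):
        print("admits:", path)
```

The output of `open_paths` shows what each enabled option adds on top of the VM's subnet, which is the comparison the discussion below turns on.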

Comments

Invalid
Highly Voted 4 years, 1 month ago
Answer: CD
upvoted 23 times
cadio30
4 years ago
This is the appropriate configuration for the requirement
upvoted 2 times
rahul_t
Most Recent 4 years, 1 month ago
Should be A and D: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#grant-access-from-a-virtual-network
upvoted 3 times
rahul_t
4 years, 1 month ago
I meant C and D
upvoted 4 times
JohnCrawford
4 years, 1 month ago
I agree with rahul_t.
A. Select Allow trusted Microsoft services to access this storage account. No - this setting is too broad and does not restrict access to the VM, which is NOT a Microsoft service in this usage.
B. Select Allow read access to storage logging from any network. Again, too permissive. We want to limit access, not allow it from anywhere.
C. Enable a virtual network service endpoint. - First step
D. Set the Allow access from setting to Selected networks. - Second step
upvoted 6 times
DongDuong
4 years, 1 month ago
Hmm, why not D instead of A?
upvoted 1 times