ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 1 question 43 discussion

Actual exam question from Microsoft's AZ-303
Question #: 43
Topic #: 1
[All AZ-303 Questions]

HOTSPOT -
You have several Azure virtual machines on a virtual network named VNet1. Vnet1 has two subnets that have 10.2.0.0/24 and 10.2.9.0/24 address spaces.
You configure an Azure Storage account as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: always -
Endpoint status is enabled.

Box 2: Never -
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.

Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage-firewalls-and-virtual-networks/
by janclintv at May 31, 2021, 4:12 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
raghuramr050582
Highly Voted 4 years ago
it should be never never because we have give acces to only one subnet
upvoted 57 times
...
erickim007
Highly Voted 4 years ago
should be 'never' and 'never'.
upvoted 25 times
...
rxlicon
Most Recent 1 year, 10 months ago
1. never because the firewall allows the other subnet only 2. never because microsoft services are not enabled to pass through
upvoted 1 times
...
justfordevelopment
3 years, 3 months ago
In the exam on 12-03-2022. Total 50 questions including case study. "Litware Acquired Fabricam" case study.
upvoted 2 times
...
azahran
3 years, 3 months ago
Never Never
upvoted 1 times
...
ranjitklive
3 years, 4 months ago
The answer may be Never/Never. To communication outside VNET, either "service endpoint" is enabled or "Allow trusted Microsoft services" is ticked. In this case, neither is the case. 1) The service endpoint is enabled on subnet 10.2.0.0/24 and not 10.2.9.0/24. 2) Allow trusted Microsoft services is also not checked off.
upvoted 1 times
...
Dileep75
3 years, 5 months ago
Private endpoint enables connectivity between the consumers from the same: Virtual Network Regionally peered virtual networks Globally peered virtual networks On premises using VPN or Express Route Services powered by Private Link So answer is correct..
upvoted 1 times
JayBee65
3 years, 4 months ago
Its not a private endpoint its a service endpoint. "You can enable a Service endpoint for Azure Storage within the VNet. The service endpoint routes traffic from the VNet through an optimal path to the Azure Storage service. The identities of the subnet and the virtual network are also transmitted with each request. Administrators can then configure network rules for the storage account that allow requests to be received from specific subnets in a VNet. Clients granted access via these network rules must continue to meet the authorization requirements of the storage account to access the data." From https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=azure-portal#grant-access-from-a-virtual-network. Since only the 10.2.0 subnet is granted access, VMs in 10.2.9 will not have access.
upvoted 1 times
...
...
plmmsg
3 years, 6 months ago
should be never, never
upvoted 1 times
...
AberdeenAngus
3 years, 6 months ago
I tested the connection to the file share. My VM on 10.2.9.0 could connect to port 445 (SMB) but got "Access denied". In the Network Watcher/Next hop test, for the VM on 10.2.0.0 I got VirtualNetworkServiceEndpoint, for the VM on 10.2.9.0 I got Internet
upvoted 2 times
...
edmacoar123
3 years, 7 months ago
On exam today 19/11/21. NEVER/NEBVER. Score 860.
upvoted 6 times
...
Aaaashish
3 years, 7 months ago
never never
upvoted 2 times
...
chupacabra
3 years, 8 months ago
The answer is Never/Never. The service endpoint is enabled on subnet 10.2.0.0/24 and not 10.2.9.0/24. Allow trusted Microsoft services is also not checked off.
upvoted 5 times
...
dandynamite
3 years, 8 months ago
The first is Always since the storage account allow the subnet which has service endpoint enabled
upvoted 1 times
...
anicky
3 years, 9 months ago
the answer is never never.
upvoted 3 times
...
syu31svc
3 years, 10 months ago
The subnet that is with 10.2.9.0/24 address space is not whitelisted. Allow trusted Microsoft services is not enabled. Therefore, the Azure Backup service will not have access to the storage account. So it's "Never" for both
upvoted 4 times
...
MinhajR
3 years, 10 months ago
On Exam 27/08/2021
upvoted 3 times
...
sang_1801
3 years, 11 months ago
Never, Never 100%
upvoted 4 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel