ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 4 question 10 discussion

Actual exam question from Microsoft's AZ-700
Question #: 10
Topic #: 4
[All AZ-700 Questions]

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly.
Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.
You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.
What should you include in the solution?

  • A. a service tag
  • B. a service endpoint policy
  • C. a subnet delegation
  • D. an application security group
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Pravda at Dec. 3, 2021, 5:50 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
HTD
Highly Voted 3 years, 2 months ago
The ideal optoin is a Private point , but the question says outbound connection is needed , then adding a rule with a service tag make sense , also if security is not a concern and cost is needed to be minimum. Else a Private point is a perfect solution here
upvoted 7 times
jeffangel28
2 years, 10 months ago
100% right!
upvoted 1 times
...
...
Lazylinux
Highly Voted 1 year, 9 months ago
Selected Answer: B
B is Honey I cannot believe everyone voted A, i think because everyone is fixated with Service Tags, it would be correct for most Azure services but NOT COSMOS here is why and check the link for yourself from MS **NSG rules are used to limit connectivity to and from a subnet with virtual network. When you add service endpoint for Azure Cosmos DB to the subnet, there's no need to open outbound connectivity in NSG for your Azure Cosmos DB account.** https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-vnet-service-endpoint Also check https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-vnet-service-endpoint
upvoted 5 times
Inderdation
1 year, 3 months ago
Even though your answers are helpful at times, you also talk a lot of smack... 'I cannot believe everyone....' Come on man.
upvoted 5 times
...
Sergovladi
5 months, 1 week ago
Correct. It is not possible to access Cosmos DB directly from any VNET without Service Endpoint with configured Policies in our case of choices
upvoted 1 times
...
3e4d0a6
7 months, 1 week ago
the question says that you must You create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB , so Endpoint option is not priviliged for this case
upvoted 1 times
...
FN21
1 year, 9 months ago
You miss this part in the question "NSG1 blocks all outbound traffic that is not allowed explicitly" :-)
upvoted 2 times
...
Load full discussion...
...
DPK11
Most Recent 5 months ago
Selected Answer: A
When you create an outbound security rule in NSG the only options for Destination field are IP adresses or a Service Tag
upvoted 1 times
...
Murad01
1 year, 6 months ago
Appeared on the Exam November -2023
upvoted 2 times
...
Billabongs
1 year, 11 months ago
Selected Answer: A
Correct Answer https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags
upvoted 2 times
galahad
1 year, 4 months ago
I read the link you provided Billabongs so thanks for the info so then the answer based on the link should be A.
upvoted 1 times
...
...
JennyHuang36
2 years, 4 months ago
In exam Feb, 2023
upvoted 1 times
...
Alessandro365
2 years, 9 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
tartarus23
2 years, 11 months ago
Selected Answer: A
A. a service tag Create a service tag pointing to Azure Cosmos DB to allow the outbound connectivity.
upvoted 5 times
...
zerocool114
2 years, 11 months ago
on exam today
upvoted 2 times
...
unclegrandfather
3 years ago
Appeared on exam Jun/28/22
upvoted 1 times
...
VonKellus
3 years, 2 months ago
why not B. a private endpoint?
upvoted 2 times
...
rockethack
3 years, 4 months ago
This question was on the exam on 18th Feb 2022.
upvoted 1 times
...
nitinkumarmca
3 years, 4 months ago
Selected Answer: A
Service Tags
upvoted 4 times
...
Joshalom
3 years, 4 months ago
on exam 6/2/2022
upvoted 1 times
...
Pravda
3 years, 5 months ago
on exam 1/6/2022
upvoted 3 times
...
Pravda
3 years, 6 months ago
What is service tag in Azure? Image result for azure service tags A service tag represents a group of IP address prefixes from a given Azure service. ... You can use service tags to define network access controls on network security groups or Azure Firewall. Use service tags in place of specific IP addresses when you create security rules.
upvoted 5 times
...
SSTan
3 years, 6 months ago
User defined service tag to enable to connection to Cosmos DB.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel