ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 4 question 14 discussion

Actual exam question from Microsoft's AZ-700
Question #: 14
Topic #: 4
[All AZ-700 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
✑ A virtual network named Vnet1
✑ A subnet named Subnet1 in Vnet1
✑ A virtual machine named VM1 that connects to Subnet1
✑ Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You create a network security group (NSG) and associate the NSG to Subnet1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by BenH at June 2, 2022, 2:30 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
derrrp
Highly Voted 1 year, 5 months ago
Assuming the NSG does not magically know what you're trying to do, we can assume the answer is no.
upvoted 35 times
...
tartarus23
Highly Voted 1 year, 6 months ago
Selected Answer: B
B. No I do not think it meets the goal since the NSG was not specific on what account or access it allowed or denied.
upvoted 12 times
...
omgMerrick
Most Recent 11 months ago
Selected Answer: B
B. No This solution does not fully meet the goal. Although creating a network security group (NSG) and associating it to Subnet1 is a step in the right direction for securing network traffic, simply associating an NSG to a subnet does not restrict outbound traffic from VM1 to the storage accounts. To ensure that VM1 can access storage1 and is prevented from accessing any other storage accounts, you need to apply a specific set of rules to the NSG. One way to achieve this is by configuring the NSG to allow outbound traffic only to storage1 and deny outbound traffic to all other storage accounts. So, to fully meet the goal, you need to create an NSG, associate it to Subnet1, and then configure appropriate rules in the NSG to allow traffic from VM1 to storage1 and block traffic to all other storage accounts.
upvoted 4 times
...
TJ001
11 months, 4 weeks ago
NSG wont help...we can define rules to deny/allow access to Storage service or a regional storage service by using service tags...but in this case the VM should access only one storage account... so NSG wont help here... Answer No
upvoted 1 times
TJ001
11 months, 4 weeks ago
Creating service endpoint policy is a good idea
upvoted 2 times
...
...
AzureJobsTillRetire
1 year ago
Selected Answer: A
Hey guys, I think the answer might be A yes. I had this question in my exam in a group of three YES/NO questions. I passed the exam with a score of 900, which is not very high but enough. I thought that there would be one YES in the three questions, and if that is true, this one is the only one could be YES. We can either assume the NSG does not configure well and give it a NO, or assume the NSG is configured as it should be and give it a YES.
upvoted 2 times
xRiot007
2 months, 3 weeks ago
"I thought that there would be one Yes in the three questions, and if that is true" - it is not, here is why: "Some question sets might have more than one correct solution, while others might not have a correct solution."
upvoted 1 times
...
Aunehwet79
1 year ago
That's a pretty good score bro
upvoted 4 times
...
wooyourdaddy
9 months, 2 weeks ago
All of these 3 questions would be a no. The simplest solution to this problem would be to implement a service endpoint for storage on the subnet that VM1 is on and then use a service endpoint policy to limit it to the storage1 resource only. Source: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoint-policies-overview
upvoted 3 times
...
...
GohanF2
1 year, 2 months ago
it's too vague the solution so the answer is NO.
upvoted 3 times
...
Prutser2
1 year, 3 months ago
Selected Answer: B
it doesnt stipulate what is in the NSG, so assuming it is empty, in which case it will not do anything
upvoted 2 times
...
BlackZeros
1 year, 3 months ago
Selected Answer: B
default NSG will allow the traffic to still go out.
upvoted 2 times
...
Alessandro365
1 year, 3 months ago
Selected Answer: B
No is correct
upvoted 2 times
...
azeem0077
1 year, 4 months ago
Selected Answer: B
Just adding an NSG won't do any change. So answer is B. Incase if the question also said that outbound and inbound rules are there in the NSG, then the answer may have been A.
upvoted 3 times
...
Jamesat
1 year, 4 months ago
Selected Answer: B
A NSG would do nothing without Rules. Also if the Storage Accounts are public then you would need to set a Service Endpoint and then block it. This would affect all the storage accounts. Without clarity this is cleared a NO.
upvoted 3 times
...
jeffangel28
1 year, 5 months ago
Selected Answer: B
Correct!, is not only create and associate NSG necessary!
upvoted 3 times
...
hogemax
1 year, 5 months ago
Selected Answer: B
B. No This just creates a network security group and associates it to Subnet1. Further configuration is required.
upvoted 7 times
...
rac_sp
1 year, 6 months ago
extremely abstract the information provided in the question.
upvoted 2 times
...
Swetareddy
1 year, 6 months ago
It happens only thru service endpoint policies using which u can restrict access to only one storage account.
upvoted 3 times
...
unclegrandfather
1 year, 6 months ago
Appeared on exam Jun/28/22
upvoted 1 times
...
BenH
1 year, 7 months ago
Selected Answer: A
I think this will meet the goal.
upvoted 5 times
jeffangel28
1 year, 5 months ago
explain how pls
upvoted 2 times
...
Diazan
7 months, 2 weeks ago
A NSG by itself (with only default rules configured) won't work at all
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel