ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 4 question 15 discussion

Actual exam question from Microsoft's AZ-700
Question #: 15
Topic #: 4
[All AZ-700 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
✑ A virtual network named Vnet1

A subnet named Subnet1 in Vnet1 -

✑ A virtual machine named VM1 that connects to Subnet1
✑ Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You create a network security group (NSG). You configure a service tag for Microsoft.Storage and link the tag to Subnet1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by unclegrandfather at June 28, 2022, 11:01 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Prutser2
Highly Voted 2 years ago
Selected Answer: B
the service tag in a blanket rule can only deny all storage or permit all storage, it would have no further granularity
upvoted 8 times
...
RemmyT
Most Recent 5 months, 1 week ago
Could be done with an NSG and an Application Security Group. NSG rules: Rule1 with Storage Service Tag. - Permit access for an ASG with all VMs required access to storage. - priority 100 Rule2 with Storage Service Tag. Deny any access to Storage. - priority 1000
upvoted 1 times
...
BlackZeros
2 years, 1 month ago
Selected Answer: B
correct
upvoted 1 times
...
Jamesat
2 years, 2 months ago
Selected Answer: B
Correct. I am assuming they mean to create an NSG rule with Storage Service Tag. Not sure whether they are denying access or not, however, this would apply to all Storage Accounts access via public endpoints.
upvoted 3 times
...
derrrp
2 years, 3 months ago
No. This proposed solution does not mention any means of blocking VM1 from Storage2 and Storage3.
upvoted 1 times
...
unclegrandfather
2 years, 4 months ago
Appeared on exam Jun/28/22
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago