Exam AZ-500 topic 6 question 6 discussion

Actual exam question from Microsoft's AZ-500
Question #: 6
Topic #: 6

HOTSPOT

You have an Azure subscription that is linked to an Azure AD tenant and contains the virtual machines shown in the following table.



The subnets of the virtual networks have the service endpoints shown in the following table.



You create the resources shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

billo79152718
Highly Voted 1 year, 11 months ago
Yes, No, No is correct
upvoted 16 times
schpeter_091
4 months, 4 weeks ago
Y,N,N About the last one, the authentication: How could someone authenticate with MFA using a private IP?! It needs a public IP.
upvoted 2 times
femzy
1 year, 4 months ago
YNY
Connections from VM1 to storage1 always use IP address 10.1.1.5. Yes: VM1 is connected to VNET1/Subnet1
Connections from VM2 to Vault1 always use IP address 20.224.219.230. No: VM2 will use its private IP address within the VNET to connect to Vault1 since both are within the same VNET (VNET1) and there is a service endpoint for Microsoft.KeyVault in VNET1/Subnet2. We are trying to use the Microsoft Backbone Network.
Authentication from VM3 to the tenant uses either IP address 10.11.1.5 or 40.122.155.212. Yes: VM3 can use its private IP for internal Azure traffic but would use its public IP for communication over the internet, such as authentication with Azure services that are not part of the VNET.
upvoted 4 times
Jimmy500
9 months, 3 weeks ago
The question does not say the tenant is part of the VNet, so it will use the public IP. You say that too in your last statement, and you chose Yes for the third one.
upvoted 1 times
ITFranz
2 weeks, 5 days ago
TO SUPPORT ANSWER 3. VM3 authenticates to Azure AD using its public IP address (40.122.155.212). The private IP (10.11.1.5) is irrelevant for external Azure AD authentication unless Private Link is explicitly configured.
upvoted 1 times
xcapell
Highly Voted 1 year, 11 months ago
Good explanation in the following link: https://stackoverflow.com/questions/73769449/azure-difference-between-service-endpoint-and-private-endpoint-in-simple-terms
upvoted 12 times
randy0077
Most Recent 1 month ago
Yes, No, NO: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#:~:text=Service%20Endpoints%20enables%20private%20IP%20addresses%20in%20the%20VNet%20to%20reach%20the%20endpoint%20of%20an%20Azure%20service%20without%20needing%20a%20public%20IP%20address%20on%20the%20VNet.
upvoted 1 times
JackGelder
5 months, 1 week ago
Why do you all say that VMs use private IP to communicate just because there are service endpoints? We have no information about whether KeyVault and StorageAccount firewalls are configured to connect via VNETs.
upvoted 1 times
pentium75
8 months, 3 weeks ago
Given answer is correct.
YES - Service Endpoint itself has public IP (contrary to Private Endpoint), but still traffic originates from private IP
NO - see above
NO - Azure AD / Entra ID is a public service on public IP, thus it uses public IP only
upvoted 2 times
ITFranz
9 months, 3 weeks ago
To support the question: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service Endpoints enables private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.
The Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Microsoft Entra ID doesn't support service endpoints natively.
Answer = Y-N-N
upvoted 1 times
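The source-IP switch described in the service endpoints overview quoted above, modelled as an added example (not part of the original thread and not Microsoft code). It shows why a service firewall that only allow-lists a VM's public IP stops matching once the subnet enables the endpoint. Subnet names, addresses and the rule-set fields are constructed for illustration, and each VM is assumed to have its own public IP.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Subnet:
    name: str
    service_endpoints: frozenset  # e.g. {"Microsoft.Storage"}

@dataclass(frozen=True)
class VM:
    name: str
    private_ip: str
    public_ip: str
    subnet: Subnet

def source_seen_by_service(vm, service):
    """Return (kind, ip, subnet_name) as the target service's firewall sees the caller."""
    if service in vm.subnet.service_endpoints:
        # Endpoint enabled on the subnet: the source switches to the private IP
        # and the request is identified by the subnet it came from.
        return ("vnet", vm.private_ip, vm.subnet.name)
    # No endpoint for this service: in this model traffic leaves via the public IP.
    return ("public", vm.public_ip, None)

def firewall_allows(rules, vm, service):
    """Evaluate a simplified rule set (field names are this example's own)."""
    if rules["default_action"] == "Allow":
        return True
    kind, ip, subnet = source_seen_by_service(vm, service)
    if kind == "vnet":
        return subnet in rules["vnet_rules"]  # public-IP rules no longer apply
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in rules["ip_rules"])

# Constructed sample data (documentation address ranges, not the question's values).
SUBNET_A = Subnet("vnetA/subnetA", frozenset({"Microsoft.Storage"}))
SUBNET_B = Subnet("vnetA/subnetB", frozenset())
VM_A = VM("vmA", "10.0.1.4", "203.0.113.10", SUBNET_A)
VM_B = VM("vmB", "10.0.2.4", "203.0.113.20", SUBNET_B)

# A firewall that only allow-lists public IPs, then one that also trusts subnetA.
IP_ONLY = {"default_action": "Deny", "ip_rules": ["203.0.113.0/24"], "vnet_rules": []}
WITH_VNET = {**IP_ONLY, "vnet_rules": ["vnetA/subnetA"]}

if __name__ == "__main__":
    for vm in (VM_A, VM_B):
        print(vm.name, source_seen_by_service(vm, "Microsoft.Storage"),
              firewall_allows(IP_ONLY, vm, "Microsoft.Storage"),
              firewall_allows(WITH_VNET, vm, "Microsoft.Storage"))
```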
Zuurpruim
1 year, 5 months ago
I would go for Y,N,Y.
1. You connect to a Service Endpoint (Storage1), therefore you'll use the private IP as outgoing. So the answer is Yes.
2. You connect to a Service Endpoint (Vault1), therefore you'll use the private IP as outgoing. So the answer is No.
3. This is a wild guess, I would say both. It might depend on where to authenticate to. So I would go for Yes.
upvoted 2 times
Neverwinter
1 year, 7 months ago
They still travel internally when going to another service endpoint in your tenant; the service vs private is just that the service is also publicly routable if needed vs a private is only internal. Answers are correct.
upvoted 1 times
heatfan900
1 year, 8 months ago
THEY ARE REFERENCING A SERVICE ENDPOINT, NOT A PRIVATE ENDPOINT. THE ANSWERS ARE: N, Y, Y
connections from VM1 to STORAGE 1 will always use PUBLIC IP
connection from VM2 to VAULT 1 will always use PUBLIC IP
authentication from VM3 to TENANT can use either PRIVATE or PUBLIC because it has no SERVICE ENDPOINT.
Knew this already but the diagram here outlines it perfectly: https://stackoverflow.com/questions/73769449/azure-difference-between-service-endpoint-and-private-endpoint-in-simple-terms
upvoted 11 times
allen008
1 year, 8 months ago
The link provided seems to suggest that the default (NO Private Endpoint or Service Endpoint configured) would use the Public IP address of the VM. Would this NOT make item #3 = NO, since 10.11.1.5 is not an option for the communication? The question asks 10.11.1.5 OR 40.122.155.212; according to the link, 10.11.1.5 is not an option.
upvoted 2 times
allen008
1 year, 8 months ago
Just noticed this also... the link seems to suggest that when using a Service Endpoint the source IP address of the VM uses the Private IP. That would potentially change Item#2. Can anyone provide clarification?
upvoted 2 times
Codelawdepp
10 months, 2 weeks ago
Misunderstood. Long studying sessions can make you tired :-) If the VMs use Service Endpoints, they utilize their private IP to then communicate with the public storage account.
1: Yes: VM1 uses the Service Endpoint and therefore utilizes the private IP address.
2: No: VM2 also uses the Service Endpoint and therefore utilizes the private IP address.
3: Yes: VM3 can use its private IP for internal Azure traffic but would use its public IP for communication over the internet, such as authentication with Azure services that are not part of the VNET.
The virtual machine will use its private IP to communicate with the public endpoint of the storage account.
Other reference: Difference between private endpoint and service endpoint.
upvoted 1 times
Jimmy500
9 months, 3 weeks ago
Why did you choose Yes for the third one even though you say the VM will use the public IP only with the tenant?
upvoted 2 times
Self_Study
1 year, 8 months ago
On an exam on 7/8/23, agree with the answer provided.
upvoted 4 times
liorh
1 year, 11 months ago
what is the correct answer?
upvoted 1 times