Exam AZ-500 topic 6 question 10 discussion

Actual exam question from Microsoft's AZ-500
Question #: 10
Topic #: 6

HOTSPOT

You have an Azure Subscription that is connected to an on-premises datacenter and contains the resources shown in the following table.



You need to configure virtual network service endpoints for VNet1 and VNet2. The solution must meet the following requirements:

• The virtual machines that connect to the subnet of VNet1 must access storage1, storage2, and Azure AD by using the Microsoft backbone network.
• The virtual machines that connect to the subnet of VNet2 must access storage1 and KeyVault1 by using the Microsoft backbone network.
• The virtual machines must use the Microsoft backbone network to communicate between VNet1 and VNet2.

How many service endpoints should you configure for each virtual network? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

Kb80
Highly Voted 1 year, 9 months ago
VNet1: 1 > Microsoft.Storage only.
VNet2: 2 > Microsoft.Storage and Microsoft.KeyVault.
Service endpoints are enabled for the entire service, not per instance of a service. They are enabled per Vnet and subnet. Azure AD does not have a service endpoint currently. For Azure Storage you can additionally use a service endpoint policy to control access to specific storage instances within a subnet.
https://jeffbrown.tech/azure-private-service-endpoint/
https://learn.microsoft.com/en-us/azure/virtual-network/vnet-integration-for-azure-services#compare-private-endpoints-and-service-endpoints
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoint-policies-overview
upvoted 18 times
...
Alexbz
Highly Voted 1 year, 10 months ago
VNet1: 2
VNet2: 2
VNet1 has one subnet (the virtual machines that connect to THE SUBNET of VNet1...), then we need one service endpoint for Storage1 and 2 and one service endpoint for Azure AD.
upvoted 10 times
[Removed]
1 year, 6 months ago
Tested in lab, it's 1 and 2. The Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1.
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 3 times
...
hellboycze
1 year, 8 months ago
Your answer is right, even though you mentioned a service endpoint for Azure AD, which is not required.
upvoted 1 times
...
...
Sabr_
Most Recent 3 weeks ago
Exam question 6th April 2025
upvoted 1 times
...
randy0077
1 month ago
1 and 2 is the correct answer: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#:~:text=ADLS%20Gen%201.-,Microsoft%20Entra,-ID%20doesn%27t%20support
Please, if someone wants to give an answer, support it with a document link.
upvoted 1 times
...
golitech
2 months, 3 weeks ago
vnet1 -> 1 for storage and 1 for AD
vnet2 -> 1 for storage and 1 for vault
upvoted 1 times
...
pentium75
8 months, 4 weeks ago
1: VNet1 needs one endpoint for storage. Unfortunately "Microsoft Entra ID doesn't support service endpoints natively" so we cannot fulfill the requirement to "connect to Azure AD over the Microsoft backbone", though I guess that Azure would do that anyway.
2: One for storage, one for key vault
upvoted 1 times
...
Jimmy500
9 months, 4 weeks ago
Here we need to read the question carefully. For VNet1 it says we need to access storage1 and storage2. As we know, when we create a service endpoint, we can use one service endpoint for different storage accounts, or we can use one service endpoint for different key vaults or other services where we can use a service endpoint. The first statement says "VNet1's members need to access storage 1 and 2", which means we can create one service endpoint and achieve the given statement. For the second statement we have a key vault and a storage account; in this case we need to create 2 different SEPs (service endpoints). For communication between VNets we do not have to create a SEP. My answer is 1,2.
upvoted 2 times
Jimmy500
9 months, 2 weeks ago
Hi guys, while doing the MS learning test I identified that we can use a service endpoint for Entra ID as well, which is why the answer for the first one will definitely be 2 as well. I am really sorry for this, but let's at least correct our mistakes. Please refer here: A service endpoint is configured for a specific server at the subnet level. Based on the requirements, you need to configure two service endpoints for Microsoft.Storage on VNet1 because VNet1 has two subnets and three service endpoints for Microsoft.AzureActiveDirectory on VNet2 because VNet2 has three subnets. The minimum number of service endpoints that you must configure is five.
Azure virtual network service endpoints | Microsoft Learn
Plan and implement security for virtual networks - Training | Microsoft Learn
upvoted 1 times
...
...
bxlin
11 months, 1 week ago
Vnet1 - 1
Vnet2 - 2
The Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Microsoft Entra ID doesn't support service endpoints natively.
upvoted 1 times
...
Nava702
1 year ago
Microsoft.AzureActiveDirectory tag exists for authentications to Entra ID. So it is 2 Service Endpoints for each VNET. https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview
upvoted 1 times
pentium75
8 months, 4 weeks ago
What have Service Tags to do with Service Endpoints?
upvoted 1 times
...
...
_punky_
1 year, 6 months ago
The answer is correct: 1 and 2.
AD is using an agent inside the VM to connect to Azure AD.
**Steps for AD connection**
Create or Select an Azure VM: You need to have an Azure VM running. If you don't have one, you can create a new VM from the Azure Portal, Azure CLI, or Azure PowerShell.
Configure Azure AD Authentication for the VM: This can be done in a few different ways, but one common method is to use the Azure AD extension for Linux or Windows VMs. Here's how to do it:
For Windows VMs: For Windows VMs, you can install and configure the Azure AD Connect service to establish a connection between your VM and Azure AD. You can follow these steps:
Install the Azure AD Connect agent on the Windows VM.
Register the VM with Azure AD using the Azure AD Connect agent.
Configure the VM to use Azure AD credentials for login.
upvoted 2 times
pentium75
8 months, 4 weeks ago
"Azure AD Connect" is for syncing on-premises AD with Entra ID.
upvoted 1 times
...
...
heatfan900
1 year, 7 months ago
2, 2
VNET 1 requires two. One for SA1 and SA2 via a STORAGE TAG and one for AD.
VNET 2 requires two. One for SA1 and one for KV1.
The VNETs will communicate via the MICROSOFT BACKBONE NETWORK by being Peered, No Service Endpoint required.
upvoted 2 times
...
Ario
1 year, 9 months ago
2 service endpoints for each
VNet1:
Service Endpoint for Azure Storage: 2 endpoints (storage1 and storage2)
Service Endpoint for Azure Active Directory (Azure AD): 1 endpoint
VNet2:
Service Endpoint for Azure Storage: 1 endpoint (storage1)
Service Endpoint for Azure Key Vault: 1 endpoint (KeyVault1)
upvoted 2 times
Ario
1 year, 9 months ago
Service endpoints are specific to Azure services like Azure Storage and Azure Key Vault, but not for Azure AD.
upvoted 3 times
...
...
Malikusmanrasheed
1 year, 9 months ago
Service endpoint is per service, per vnet. There is no service endpoint for Azure AD.
Vnet 1 = 2: One for each storage
Vnet 2 = 2: One for storage, one for key vault
upvoted 3 times
pentium75
8 months, 4 weeks ago
One endpoint for storage, not for EACH.
upvoted 1 times
...
Malikusmanrasheed
1 year, 9 months ago
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#secure-azure-services-to-virtual-networks Forgot to paste the link about services covered by service endpoints
upvoted 2 times
...
...
erffre
1 year, 9 months ago
• The virtual machines that connect to the subnet of VNet1 must access storage1, storage2, and Azure AD by using the Microsoft backbone network.
• The virtual machines that connect to the subnet of VNet2 must access storage1 and KeyVault1 by using the Microsoft backbone network.
• The virtual machines must use the Microsoft backbone network to communicate between VNet1 and VNet2.
Vnet1 never connects to KeyVault, so billo79152718 is right, I guess. Never heard of an Azure AD service endpoint. Will check on that.
upvoted 1 times
...
billo79152718
1 year, 11 months ago
VNet1: 1 VNet2: 2
upvoted 2 times
liorh
1 year, 10 months ago
Why? Can you explain?
upvoted 2 times
...
...