Exam AZ-104 topic 3 question 13 discussion

Correct Answer: VNet1’s address space is 10.2.0.0/16. The VNet1 has only 1 Subnet associated: 10.2.0.0/24. The address space of a VNet is irrelevant if there isn’t a corresponding Subnet from, which VMs can be assigned IP addresses. Box1: Never VMs from 10.2.9.0/24 (10.2.9.0 - 10.2.9.255) are out of Subnet. Subnet IP range 10.2.0.0 - 10.2.0. 255.   Box2: Never Since the checkbox to allow trusted Microsoft services is not checked. After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.

VMs from the 10.2.9.0/24 should NEVER access the storage!!!!! Since wich the selection of the network is segmented by subnets, and not by virtual networks.

CORRECT

The question tricks with IP address. The Vnet1 address space 10.2.0.0/16 and the VM address space 10.2.9.0/24 are different. So the VM will never be able to connect

Incorrect case at all. How did they create subnet "1" with CIDR 10.2.0.0/16 and subnet "Prod" with CIDR 10.2.0.0/24 in one Vnet1? It's impossible to do because of overlapping of the subnets. If you decide to repeat the test case you will receive an error - "Address prefix 10.2.0.0/24 overlaps with the address prefix 10.2.0.0/16 in subnet default. Subnets in the same virtual network cannot overlap."

Never Never 10.2.9.0/24 subnet is part of 10.2.0.0/16 subnet which is in the allowed subnet. The reasons it's now allowed is because the Endpoint status is not enabled

This question was in exam 01/03/2024

Always Never

Correct Never Never

- always - always

VNet1’s address space is 10.2.0.0/16. The VNet1 has only 1 Subnet associated: 10.2.0.0/24. The address space of a VNet is irrelevant if there isn’t a corresponding Subnet from, which VMs can be assigned IP addresses. Box1: Never VMs from 10.2.9.0/24 (10.2.9.0 - 10.2.9.255) are out of Subnet. Subnet IP range 10.2.0.0 - 10.2.0. 255.   Box2: Never Since the checkbox to allow trusted Microsoft services is not checked. After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.

This question appeared in Exam conducted on September 15th - 2023. Answer is, Box 1 -----> Never (Check the CIDR range mentioned. Question contains wrong IP address) Box 2 ------> Checkbox to allow trusted Microsoft services is not checked.

Never! Never!

It seems that the virtual machines on the 10.2.9.0/24 subnet will have network connectivity to the file shares in the storage account as the subnet "Prod" is enabled with endpoints to access the storage account. Therefore, the answer to the first question should be "always". As for the second question, if the Azure Backup service is configured to access the storage account as an exception, it should be able to back up the unmanaged hard disks of the virtual machines in the storage account. However, if the exception is not configured, the answer should be "never".

on the test

On exam 21st Dec 2022 - answer is correct

1) The virtual machines on the 10.2.9.0/24 subnet will have network connectivity to the file shares in the storage account "never". 2) Azure Backup will be able to back up the unmanaged hard disks of the virtual machines in the storage account "never". Explanation: The range 10.2.9.0/24 is not inside the allowed Virtual networks range "10.2.0.0/24". The option "Allow trusted Microsoft services to access this storage account" is not enabled, so Azure Backup wont be able to back up the disks.