
Exam AZ-500 topic 1 question 13 discussion

Actual exam question from Microsoft's AZ-500
Question #: 13
Topic #: 1

Note: This question is one of a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company's Azure subscription includes a virtual network that has a single subnet configured.
You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed.
You are preparing to deploy Docker containers to the virtual machine. You need to make sure that the containers can access Azure Storage resources and Azure SQL databases via the service endpoint.
You need to perform a task on the virtual machine prior to deploying containers.
Solution: You create an application security group.
Does the solution meet the goal?

  • A. Yes
  • B. No
Suggested Answer: B

Comments

billibarou
Highly Voted 3 years, 4 months ago
Selected Answer: B
So the question states "You need to make sure that the containers can access Azure Storage resources and Azure SQL databases via the service endpoint". Since the containers are deployed inside a virtual machine, the service endpoint will allow the virtual machine and anything hosted inside (applications/containers) to access Azure services directly. So since the creation of the service endpoint allows access to Azure Storage and Azure SQL databases, there is no need to create an Application Security Group (ASG). B is the correct answer. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 59 times
God2029
2 years, 4 months ago
Well explained!
upvoted 2 times
God2029
2 years, 4 months ago
Adding to the above: by default, Azure has been configured with a default route, so resources within the same virtual network can communicate with each other irrespective of subnet. But in prod we define custom subnets for security, which will override the Azure default route; you need to enable routing using a network virtual appliance (NVA) in such a scenario. Also, ASG and ACL would be required to define a more stringent policy. We need to apply Zero Trust principles and least privilege. Based on budget, you can even go for microsegmentation for host/device-based access control.
upvoted 4 times
...
...
DarkCyberGhost
3 years, 3 months ago
This is correct, I need say no more. Thanks billibarou
upvoted 3 times
...
...
mT3
Highly Voted 3 years, 8 months ago
Answer is correct.
upvoted 9 times
...
stonwall12
Most Recent 2 months, 2 weeks ago
Selected Answer: B
Answer: B, No. Reason: Creating an application security group won't enable containers to use service endpoints. Reference: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#limitations
upvoted 1 times
...
Ruffyit
6 months, 1 week ago
So the question states "You need to make sure that the containers can access Azure Storage resources and Azure SQL databases via the service endpoint". Since the containers are deployed inside a virtual machine, the service endpoint will allow the virtual machine and anything hosted inside (applications/containers) to access Azure services directly. So since the creation of the service endpoint allows access to Azure Storage and Azure SQL databases, there is no need to create an Application Security Group (ASG). B is the correct answer. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 1 times
...
wardy1983
7 months, 1 week ago
Answer: B. Explanation: "You need to make sure that the containers can access Azure Storage resources and Azure SQL databases via the service endpoint". Since the containers are deployed inside a virtual machine, the service endpoint will allow the virtual machine and anything hosted inside (applications/containers) to access Azure services directly. So since the creation of the service endpoint allows access to Azure Storage and Azure SQL databases, there is no need to create an Application Security Group (ASG). B is the correct answer
upvoted 1 times
...
Mazhar1993
1 year ago
No. Creating an application security group on the virtual machine does not directly enable the containers to access Azure Storage resources and Azure SQL databases via the service endpoint. Application security groups are used to define network security policies based on application workloads. To ensure that the containers can access Azure Storage resources and Azure SQL databases via the service endpoint, you need to configure the necessary network settings or firewall rules on the virtual machine itself.
upvoted 1 times
...
ErikPJordan
1 year, 7 months ago
A Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.
upvoted 1 times
...
ESAJRR
1 year, 8 months ago
Selected Answer: B
B is the answer.
upvoted 1 times
...
DatBroNZ
1 year, 10 months ago
Creating an application security group is not directly related to enabling container access to Azure Storage and Azure SQL databases. Application security groups are used for network security purposes, such as defining network security group (NSG) rules.
upvoted 1 times
...
zellck
1 year, 11 months ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#configuration
upvoted 1 times
...
majstor86
2 years, 1 month ago
Selected Answer: B
B. Answer is NO
upvoted 2 times
...
Bill831231
2 years, 6 months ago
Seems the answer is correct, but the explanation is not that correct; an ASG cannot bring more connectivity for a container inside a VM, but a CNI could.
upvoted 7 times
...
chamka
2 years, 7 months ago
Selected Answer: B
Given answer is correct
upvoted 1 times
...
Eltooth
3 years, 1 month ago
Selected Answer: B
B is correct answer.
upvoted 1 times
...
yoton
3 years, 2 months ago
Selected Answer: B
The creation of the service endpoint negates the need for an ASG.
upvoted 2 times
...
satishba
3 years, 4 months ago
Service endpoints are configured in VNet settings and allow subnet traffic to the settings; in a view it is more routing-specific and not related to blocking. ASG and NSG are more from a blocking perspective, so do not apply here.
upvoted 6 times
...
AbsG
3 years, 4 months ago
Can someone explain why No?
upvoted 2 times
PhilMultiCloud
3 years, 4 months ago
You can simply look at what the function of an ASG is and you will understand why.
upvoted 1 times
...
...