The only reason that I paid for this subscription was your comments. You are really the added value to this page. For sure it will help me pass the exam. Thank you.
zure Virtual Network (VNet) Service Endpoints allow you to securely connect your Azure Virtual Network (VNet) to Azure services (like Storage Accounts, SQL Databases, Key Vault, etc.) over the Azure backbone network, instead of using the public internet.
While Network Security Groups (NSGs) control inbound and outbound traffic to and from Azure resources, they do not directly prevent traffic from a virtual network to Azure Storage over the internet. To achieve that, Azure Private Endpoints should be used.
Answer should be D. While Network Security Groups (NSGs) control inbound and outbound traffic to and from Azure resources, they do not directly prevent traffic from a virtual network to Azure Storage over the internet. To achieve that, Azure Private Endpoints should be used.
To prevent traffic from an Azure virtual network from being routed to an Azure Storage account via the internet, it is more appropriate to use service endpoints rather than network security groups (NSGs). Service endpoints ensure that the traffic from the virtual network is routed directly to the Azure Storage account through Azure's backbone network, bypassing the internet
-By Copilot(Service of MS)
I would go "D"
It's about "routing"
Network Security Groups (NSGs) are used to control inbound and outbound traffic to network interfaces, VMs, and subnets in your virtual network. While NSGs can help secure your Azure environment by allowing or denying traffic based on rules, they don’t specifically prevent traffic from being routed to an Azure Storage account via the internet.
To ensure traffic between your virtual network and Azure Storage account stays within the Azure backbone network, you should use private endpoints or service endpoints. NSGs can be used in conjunction with these to further refine and control traffic within your virtual network.
D is correct per chatgpt: To prevent traffic from an Azure Virtual Network (VNet) from being routed to an Azure Storage account via the internet, you should use Virtual Network Service Endpoints or Private Endpoints.
D. a service endpoint
The correct answer to the original question is "D. a service endpoint," as this is the specific solution to ensure that traffic from a VNet to an Azure storage account does not use the public internet. However, NSGs are important tools for general network traffic control and security, and their use is extensively covered in Azure fundamentals.
This can be achieved by using Private Endpoints or NSG and there is no option for Private Endpoints
Private Endpoints are specific to individual resources and provide granular control.
Service Endpoints apply to entire services and optimize routing within Azure.
Use Azure Network Security Groups (NSGs):
Associate NSGs with the subnets within your Azure virtual network.
Create security rules within the NSG to block outgoing internet traffic using the service tag Internet.
By doing this, you prevent traffic from the virtual network to external internet resources, including Azure Storage accounts.
In summary, configure network rules for your storage account to restrict access to specific networks or resources, and use NSGs to block internet-bound traffic from your Azure virtual network. This combination ensures secure communication between your virtual network and the storage account while preventing unnecessary exposure to the internet.
D is correct
"Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service Endpoints enables private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet."
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
This section is not available anymore. Please use the main Exam Page.AZ-900 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ciupaz
Highly Voted 2 years, 3 months agoSilviaS
Highly Voted 1 year, 9 months agoDmarcetic
Most Recent 2 months, 2 weeks agoZakirh
5 months agoZakirh
5 months agogum_hani
6 months, 3 weeks agopb187
7 months, 1 week agoMoustafa_Hefaina
7 months, 1 week ago126e81f
8 months, 2 weeks agoNathan12345
8 months, 1 week agoNathan12345
8 months, 1 week agojambroba
9 months, 1 week agojambroba
9 months, 1 week agodarthhansie
9 months, 1 week agodarthhansie
9 months, 1 week agosiculoct
10 months, 2 weeks agojordanmacedo00
1 year, 2 months agoKee93
1 year, 3 months agojesus_exam
1 year, 3 months agojesus_exam
1 year, 3 months ago