ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 6 question 38 discussion

Actual exam question from Microsoft's AZ-104
Question #: 38
Topic #: 6
[All AZ-104 Questions]

You have an Azure subscription that contains eight virtual machines and the resources shown in the following table.



You need to configure access for VNET1. The solution must meet the following requirements:

• The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft backbone.
• The virtual machines connected to VNET1 must be able to access storage1, storage2, and Azure AD by using the Microsoft backbone.

What is the minimum number of service endpoints you should add to VNET1?

  • A. 1
  • B. 2
  • C. 3
  • D. 5
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by sharkzor at Jan. 4, 2023, 2:29 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
moshos
Highly Voted 1 year, 7 months ago
Selected Answer: B
My answer: 2 First service endpoint: One service endpoint for Microsoft.Storage added to VNET1. The question asks how many to add to VNET1. When adding service endpoints on the VNET1 side you only get to choose the service ( Microsoft.Storage ) not the actual storage accounts. Once you add this service endpoint it can be then linked to on the storage side for both accounts. Second Service Endpoint: Microsoft.AzureActiveDirectory. Total:2
upvoted 36 times
c75e123
2 months, 2 weeks ago
Answer is: A You are can associate multiple storage accounts with a single Service endpoint. This question does not explicitly mention a Key Vault. Additionally, Microsoft Entra does not exclusively support Service endpoints for ADLS Gen1. Source: The Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Microsoft Entra ID doesn't support service endpoints natively. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#limitations
upvoted 2 times
...
Alex1184
1 year, 3 months ago
Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Azure AD doesn't support service endpoints natively
upvoted 3 times
...
macrawat
1 year, 5 months ago
second service endpoint : Key Vault
upvoted 3 times
riquesg
1 year, 4 months ago
The question does not require adding a Key Vault service endpoint. Why should we add it?
upvoted 13 times
...
...
...
sharkzor
Highly Voted 1 year, 8 months ago
Selected Answer: B
Should be B, 2 service endpoints. VM is not a service endpoint type. So the first question is irrelevant. Both storage accounts must have service endpoints in vnet 1, so awnser should be 2
upvoted 24 times
elrizos
1 year, 5 months ago
it's ok terraform sample: resource "azurerm_storage_account" "storage2" { name = "examplestorage2" resource_group_name = "${azurerm_resource_group.example.name}" location = "${azurerm_resource_group.example.location}" account_tier = "Standard" account_replication_type = "LRS" network_rules { default_action = "Deny" virtual_network_subnet_ids = ["${azurerm_subnet.example.id}"] } service_endpoint { service = "Microsoft.Storage" location = "eastus" } }
upvoted 2 times
...
ConanBarb
1 year, 6 months ago
Yes B (2 s-e:s) but not for the reason you or other people below state You create one Service Endpoint per Azure service per Vnet (Vnet-to-Vnet does not require nor can it be configured with service endpoints) Hence: 1 service endpoint for Vnet1 to Microsoft.Storage service 1 service endpoint for Vnet1 to Microsoft.KeyVault service Try it your self in portal and you'll see https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 18 times
djgodzilla
1 year, 5 months ago
Agree , Azure AD is not supported as service endpoint but Vault is. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 1 times
SimoneP
1 year, 4 months ago
I see it in my lab: vNet --> select vnet --> Add Service Endpoint --> Service --> Microsoft.AzureActiveDirectory
upvoted 8 times
...
...
KingTN
1 year ago
It is no mentioned that is needed to communicate with the Keyvault ?
upvoted 5 times
...
...
...
23169fd
Most Recent 2 months, 3 weeks ago
Selected Answer: B
One for Microsoft.Storage One for Microsoft.AzureActiveDirectory
upvoted 4 times
...
Saranpriya
3 months, 2 weeks ago
Communication with VNET2: To allow virtual machines in VNET1 to communicate with those in VNET2, you need a service endpoint for the Microsoft backbone network. This ensures that traffic between the two virtual networks stays within the Azure backbone, providing optimal connectivity. Access to Storage1 and Storage2: For virtual machines in VNET1 to access storage1 and storage2, you’ll need service endpoints for Azure Storage. These endpoints allow private IP addresses within VNET1 to reach Azure Storage services without requiring public IP addresses. Therefore, the minimum number of service endpoints to add to VNET1 is two: One for Microsoft backbone network (for communication with VNET2). Another for Azure Storage (for accessing storage1 and storage2). ANSwer: B
upvoted 3 times
...
Amir1909
5 months, 2 weeks ago
B is correct
upvoted 1 times
...
BluAlien
7 months, 3 weeks ago
Selected Answer: A
One service endpoints for each Virtual Network that connects to storage accounts, so in this case only VNET1. On storage account there is no storage enpoint configuration. About connection on microsoft backbone beteween VNET1 and VNET2 such a service endpoint doesn't exist. About Service Endpoint: Microsoft.AzureActiveDirectory it's only for ADSL Gen 1. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#limitations
upvoted 4 times
...
hotspot02103
8 months ago
Selected Answer: A
storage endpoint for both storage accounts
upvoted 3 times
...
Ahkhan
9 months, 3 weeks ago
The answer is A Here is the simplest proof: Service Endpoints cannot be connected to vNets associated to virtual machines. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 3 times
Ahkhan
9 months, 3 weeks ago
*B 2 storage accounts
upvoted 1 times
...
...
19_12
11 months, 4 weeks ago
You need a separate private endpoint for each storage resource that you need to access, namely Blobs, Data Lake Storage Gen2, Files, Queues, Tables, or Static Websites. On the private endpoint, these storage services are defined as the target sub-resource of the associated storage account. https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
upvoted 2 times
...
DeVullers
12 months ago
Selected Answer: B
I think the answer is B. Why? To meet the requirements of allowing virtual machines in VNET1 to communicate with virtual machines in VNET2 using the Microsoft backbone, as well as allowing access to Azure services such as Azure AD and Azure Storage using the Microsoft backbone, you should configure the following service endpoints in VNET1: - You wouldn't use service endpoints to enable communication between the VNETs. (Peering would be the likely solution for VNET to VNET communication) - Microsoft.Storage (For access to storage1 and storage2) - Microsoft.AzureActiveDirectory (For access to Azure AD) These service endpoints will enable traffic between the virtual machines in VNET1 and Azure Storage accounts (storage1 and storage2) and Azure Active Directory using the Microsoft backbone network. So, the minimum number of service endpoints to add to VNET1 is 2: Microsoft.Storage and Microsoft.AzureActiveDirectory. Please correct me if i'm wrong!
upvoted 7 times
...
[Removed]
1 year ago
he Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Azure AD doesn't support service endpoints natively. So Answer is only one he Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Azure AD doesn't support service endpoints natively. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 2 times
...
Abesse
1 year ago
Selected Answer: A
Only for the storage
upvoted 5 times
...
MajidS
1 year ago
Only 1 service endpoint is required for Storage account
upvoted 3 times
...
KpiTalisTTT
1 year ago
K Vault is not mentioned so the answer is B bc is one endpoint per Storage A.
upvoted 2 times
...
marioZuo
1 year, 1 month ago
Vnet1&2 peering. 1 storage service endpoint, 1 AAD service endpoint. So answer is 2.
upvoted 3 times
...
levan1988
1 year, 1 month ago
Selected Answer: B
I think is 2
upvoted 2 times
...
eliasalg
1 year, 1 month ago
- VMs traffic is handled by the NIC using the private IP so 0 service endpoints. Moreover, it does not exist such a thing as a service endpoint for VMs. - We need 1 Microsoft.Storage service endpoint in VNET1 subnet. We will attach this subnet to each of the storage accounts. * it does not talk about connecting to the Key vaults, so no need to create a service endpoint for that.
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago