ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 6 question 38 discussion

Actual exam question from Microsoft's AZ-104
Question #: 38
Topic #: 6
[All AZ-104 Questions]

You have an Azure subscription that contains eight virtual machines and the resources shown in the following table.



You need to configure access for VNET1. The solution must meet the following requirements:

• The virtual machines connected to VNET1 must be able to communicate with the virtual machines connected to VNET2 by using the Microsoft backbone.
• The virtual machines connected to VNET1 must be able to access storage1, storage2, and Azure AD by using the Microsoft backbone.

What is the minimum number of service endpoints you should add to VNET1?

  • A. 1
  • B. 2
  • C. 3
  • D. 5
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by sharkzor at Jan. 4, 2023, 2:29 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
moshos
Highly Voted 1 year, 11 months ago
Selected Answer: B
My answer: 2 First service endpoint: One service endpoint for Microsoft.Storage added to VNET1. The question asks how many to add to VNET1. When adding service endpoints on the VNET1 side you only get to choose the service ( Microsoft.Storage ) not the actual storage accounts. Once you add this service endpoint it can be then linked to on the storage side for both accounts. Second Service Endpoint: Microsoft.AzureActiveDirectory. Total:2
upvoted 38 times
Alcpt
3 weeks ago
The answer is A = 1. - vms connect vms by using inter-vnet peering = 0 serv/endpoints, - a single SERVICE endpoint is required to connect to any number of physical storage accounts = 1 serv/endpoint, - Entra requires no service endpoints since it connects via Microsoft Global network = 0 serv/endpoints, - the table shows an AKV but do any bullet points ask for a service endpoint to an AKV? NO. it might be using a private endpoint or God forbid, be using a public endpoint. hence TOTAL = 1
upvoted 1 times
...
c75e123
6 months, 2 weeks ago
Answer is: A You are can associate multiple storage accounts with a single Service endpoint. This question does not explicitly mention a Key Vault. Additionally, Microsoft Entra does not exclusively support Service endpoints for ADLS Gen1. Source: The Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Microsoft Entra ID doesn't support service endpoints natively. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#limitations
upvoted 6 times
...
Alex1184
1 year, 7 months ago
Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Azure AD doesn't support service endpoints natively
upvoted 4 times
...
macrawat
1 year, 9 months ago
second service endpoint : Key Vault
upvoted 3 times
riquesg
1 year, 8 months ago
The question does not require adding a Key Vault service endpoint. Why should we add it?
upvoted 13 times
...
...
...
sharkzor
Highly Voted 1 year, 12 months ago
Selected Answer: B
Should be B, 2 service endpoints. VM is not a service endpoint type. So the first question is irrelevant. Both storage accounts must have service endpoints in vnet 1, so awnser should be 2
upvoted 24 times
elrizos
1 year, 9 months ago
it's ok terraform sample: resource "azurerm_storage_account" "storage2" { name = "examplestorage2" resource_group_name = "${azurerm_resource_group.example.name}" location = "${azurerm_resource_group.example.location}" account_tier = "Standard" account_replication_type = "LRS" network_rules { default_action = "Deny" virtual_network_subnet_ids = ["${azurerm_subnet.example.id}"] } service_endpoint { service = "Microsoft.Storage" location = "eastus" } }
upvoted 2 times
...
ConanBarb
1 year, 10 months ago
Yes B (2 s-e:s) but not for the reason you or other people below state You create one Service Endpoint per Azure service per Vnet (Vnet-to-Vnet does not require nor can it be configured with service endpoints) Hence: 1 service endpoint for Vnet1 to Microsoft.Storage service 1 service endpoint for Vnet1 to Microsoft.KeyVault service Try it your self in portal and you'll see https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 19 times
djgodzilla
1 year, 9 months ago
Agree , Azure AD is not supported as service endpoint but Vault is. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 1 times
SimoneP
1 year, 8 months ago
I see it in my lab: vNet --> select vnet --> Add Service Endpoint --> Service --> Microsoft.AzureActiveDirectory
upvoted 8 times
...
...
KingTN
1 year, 4 months ago
It is no mentioned that is needed to communicate with the Keyvault ?
upvoted 5 times
...
...
...
letsplay14me
Most Recent 1 month, 2 weeks ago
Selected Answer: A
one - for Azure AD you can access the other VMs by peering the VNets and the storage accounts by private endpoints (not service endpoints)
upvoted 1 times
...
GohanF2
3 months ago
Selected Answer: A
Additionally, I vote for A because KeyVault is not part of the requirements of the question. So, only 1 for the storages.
upvoted 1 times
...
GohanF2
3 months ago
Selected Answer: A
I vote for A: 1 service endpoint for Microsoft.Storage (for both storage1 and storage2) No service endpoint is required for Azure AD. VNET peering handles communication between VNET1 and VNET2, so there is not need for a service endpoint.
upvoted 1 times
...
vrm1358
3 months, 3 weeks ago
Selected Answer: A
My answer: A One service endpoint is needed for all of the storage accounts. Azure AD doesn't need/support service endpoints and there is nothing mentioned about requirement for connectivity to key vault. So, only one service endpoint should be needed.
upvoted 2 times
...
23169fd
6 months, 3 weeks ago
Selected Answer: B
One for Microsoft.Storage One for Microsoft.AzureActiveDirectory
upvoted 4 times
...
Saranpriya
7 months, 2 weeks ago
Communication with VNET2: To allow virtual machines in VNET1 to communicate with those in VNET2, you need a service endpoint for the Microsoft backbone network. This ensures that traffic between the two virtual networks stays within the Azure backbone, providing optimal connectivity. Access to Storage1 and Storage2: For virtual machines in VNET1 to access storage1 and storage2, you’ll need service endpoints for Azure Storage. These endpoints allow private IP addresses within VNET1 to reach Azure Storage services without requiring public IP addresses. Therefore, the minimum number of service endpoints to add to VNET1 is two: One for Microsoft backbone network (for communication with VNET2). Another for Azure Storage (for accessing storage1 and storage2). ANSwer: B
upvoted 3 times
...
Amir1909
9 months, 1 week ago
B is correct
upvoted 1 times
...
BluAlien
11 months, 3 weeks ago
Selected Answer: A
One service endpoints for each Virtual Network that connects to storage accounts, so in this case only VNET1. On storage account there is no storage enpoint configuration. About connection on microsoft backbone beteween VNET1 and VNET2 such a service endpoint doesn't exist. About Service Endpoint: Microsoft.AzureActiveDirectory it's only for ADSL Gen 1. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#limitations
upvoted 4 times
...
hotspot02103
12 months ago
Selected Answer: A
storage endpoint for both storage accounts
upvoted 3 times
...
Ahkhan
1 year, 1 month ago
The answer is A Here is the simplest proof: Service Endpoints cannot be connected to vNets associated to virtual machines. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 3 times
Ahkhan
1 year, 1 month ago
*B 2 storage accounts
upvoted 1 times
...
...
19_12
1 year, 3 months ago
You need a separate private endpoint for each storage resource that you need to access, namely Blobs, Data Lake Storage Gen2, Files, Queues, Tables, or Static Websites. On the private endpoint, these storage services are defined as the target sub-resource of the associated storage account. https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
upvoted 2 times
...
DeVullers
1 year, 3 months ago
Selected Answer: B
I think the answer is B. Why? To meet the requirements of allowing virtual machines in VNET1 to communicate with virtual machines in VNET2 using the Microsoft backbone, as well as allowing access to Azure services such as Azure AD and Azure Storage using the Microsoft backbone, you should configure the following service endpoints in VNET1: - You wouldn't use service endpoints to enable communication between the VNETs. (Peering would be the likely solution for VNET to VNET communication) - Microsoft.Storage (For access to storage1 and storage2) - Microsoft.AzureActiveDirectory (For access to Azure AD) These service endpoints will enable traffic between the virtual machines in VNET1 and Azure Storage accounts (storage1 and storage2) and Azure Active Directory using the Microsoft backbone network. So, the minimum number of service endpoints to add to VNET1 is 2: Microsoft.Storage and Microsoft.AzureActiveDirectory. Please correct me if i'm wrong!
upvoted 8 times
...
[Removed]
1 year, 4 months ago
he Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Azure AD doesn't support service endpoints natively. So Answer is only one he Microsoft.AzureActiveDirectory tag listed under services supporting service endpoints is used only for supporting service endpoints to ADLS Gen 1. Azure AD doesn't support service endpoints natively. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
upvoted 2 times
...
Abesse
1 year, 4 months ago
Selected Answer: A
Only for the storage
upvoted 5 times
...
MajidS
1 year, 4 months ago
Only 1 service endpoint is required for Storage account
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel