ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 5 question 16 discussion

Actual exam question from Microsoft's AZ-700
Question #: 16
Topic #: 5
[All AZ-700 Questions]

SIMULATION
-




Username and password
-

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: xxxxxxxxxx
-

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 12345678
-

You need to ensure that the storage12345678 storage account will only accept connections from the hosts on VNET1.

To complete this task, sign in to the Azure portal.

Show Suggested Answer Hide Answer
Suggested Answer:
by Bbb78 at Feb. 6, 2023, 6:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bbb78
Highly Voted 1 year, 8 months ago
This seems incorrect - the question only asks to accept connections only from VNET1 hosts! This can be done with the Storage Network/Firewall settings.
upvoted 21 times
wooyourdaddy
1 year, 7 months ago
Agree, this one seems easier to do with Service Endpoints rather than Private Endpoints. Change Public network access on the storage account to 'Enabled from selected virtual networks and IP addresses'. Under Virtual Networks, choose VNET1 and its subnets. On the subnets in VNET1, edit and add the Microsoft.Storage service under Service Endpoints.
upvoted 5 times
Ws1234
1 year, 6 months ago
You'd have to add every new subnet of VNET1 to the 'selected virtual networks' manually. When using a private endpoint, all subnets in the VNET automatically have access. Both will work, Private endpoint seems like the better option to me.
upvoted 4 times
...
...
...
bobothewiseman
Most Recent 3 months ago
-Add vnet1 to firewalls and virtual networks settings from stirage account - configure Service Endpoint on Vnet1
upvoted 1 times
...
cerifyme85
8 months ago
I think SEP and PEP both do the same thing ==> providing access "privately" to azure native services. It just comes down to individual choice and of course future needs. Main difference: PEP ==> uses private IP SEP ==> Uses public IP Both go through the Microsoft backbone network https://learn.microsoft.com/en-us/azure/private-link/private-link-faq#what-is-the-relationship-between-private-link-service-and-private-endpoint-:~:text=What%20is%20the%20relationship%20between%20Private%20Link%20Service%20and%20Private%20Endpoint%3F So both PEP and SEP will do the job.
upvoted 1 times
...
Lazylinux
1 year ago
My take on it Service End point – YES can achieve the Goal required however there is ONE major PROBLEM and that is you will still have to go to the storage account and from the networking is to DSIABLE the public access!! And hence doing double work and Also you SEP can only be created from vNET but question is referencing the storage Storage Account – Networking Choosing Enabled from selected virtual networks and IP addresses, this will work however it requires more work in managing the firewall but also there is another issue and that is in order allow vNET – once selected, you also have to have Service Endpoint on EACH subnet you chose and if no SP configured on subnet prior you get the below message forcing SP creation by default!!
upvoted 2 times
Lazylinux
1 year ago
continuing The following networks don’t have service endpoints enabled for 'Microsoft.Storage'. Enabling access will take up to 15 minutes to complete. After starting this operation, it is safe to leave and return later if you do not wish to wait. Private end point guarantees what is required and choosing at same time BLOCK public access will achieve the result and requires least effort in all 3 solutions NOTE: Enabling storage account FIREWALL will by default block all public access unless explicitly allowed Important point: All 3 solutions i.e. Service Endpoint, Enable from selected Networks and Private Endpoint all you have to chose SUBNETS and they DO NOT include the whole vnet so if vnet has 5 subnets than you chose them independently hence question is bit misleading by saying vNET without emphasizing on subnet wording
upvoted 2 times
Lazylinux
1 year ago
Continuing So I would chose Private END POINT Please read the below link https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal
upvoted 2 times
cerifyme85
8 months ago
SEP https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#:~:text=You%20can%20enable,access%20the%20data.
upvoted 2 times
...
...
...
...
Aziza_Adam
1 year, 8 months ago
Private endpoint is correct as it ensures that there is no connection except to the linked vnet
upvoted 4 times
barte
1 year, 8 months ago
you also have to remember to disable public access for storage
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago