Home » Microsoft » AZ-303 v.2 » What should you do?
You have a resource group named RG1 that contains the following:
A virtual network that contains two subnets named Subnet1 and AzureFirewallSubnet An Azure Storage account named contososa1 An Azure firewall deployed to AzureFirewallSubnet You need to ensure that contososa1 is accessible from Subnet1 over the Azure backbone network.
What should you do?
A. Modify the Firewalls and virtual networks settings for contososa1.
B. Create a stored access policy for contososa1.
C. Implement a virtual network service endpoint.
D. Remove the Azure firewall.
Correct Answer: C
Explanation/Reference:
Storage firewall rules apply to the public endpoint of a storage account. You don’t need any firewall access rules to allow traffic for private endpoints of a storage account. The process of approving the creation of a private endpoint grants implicit access to traffic from the subnet that hosts the private endpoint.
Note: Storage accounts have a public endpoint that is accessible through the internet. ou can also create Private Endpoints for your storage account, which assigns a private IP address from your VNet to the storage account, and secures all traffic between your VNet and the storage account over a private link. The Azure storage firewall provides access control access for the public endpoint of your storage account. You can also use the firewall to block all access through the public endpoint when using private endpoints. Your storage firewall configuration also enables select trusted Azure platform services to access the storage account securely.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
How To Pass Azure AZ-305 Exam?
Microsoft Azure AZ-305 PDF dumps.
High quality AZ-305 PDF and software. VALID exam to help you pass.
|
|