Learn how to secure your Azure virtual machine’s access to specific storage accounts using service endpoint policies in Azure. This solution helps restrict access to only the necessary storage resources while ensuring network security.
Question
You have an Azure subscription that contains the following resources:
- VNet1: Virtual network that contains one subnet named Subnet1
- VM1: Virtual machine connected to VNet1
- storage1: Storage account that contains Azure Files shares
- storage2: Storage account that contains Azure Files shares
- storage3: Storage account that contains Azure Files shares
You need to recommend a solution that will allow VM1 to access only storage1 and no other storage accounts.
What should you include in the recommendation?
A. a service endpoint policy applied to Subnet1
B. a service tag
C. a shared access signature (SAS)
Answer
A. a service endpoint policy applied to Subnet1
Explanation
Service endpoint policies can be enabled to restrict traffic to specific storage accounts. Service tags allow access, but to the whole region and all storage accounts in that region, not just to specific storage accounts. To restrict access to an individual storage account, a service endpoint policy is the restrictive option.
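The recommended configuration written as a Bicep template, added here as an illustration and not part of the original question. VNet1, Subnet1 and storage1 are the names from the question; the policy and definition names, the address prefix and the API versions are assumptions.

```bicep
// Added example. Assumes VNet1 and storage1 already exist in this resource group.
param location string = resourceGroup().location

resource storage1 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
  name: 'storage1'
}

resource vnet1 'Microsoft.Network/virtualNetworks@2023-09-01' existing = {
  name: 'VNet1'
}

// Policy whose single definition lists storage1 as the only allowed
// Microsoft.Storage resource. storage2 and storage3 are not listed,
// so service endpoint traffic from the subnet to them is denied.
resource allowStorage1 'Microsoft.Network/serviceEndpointPolicies@2023-09-01' = {
  name: 'sep-allow-storage1' // hypothetical name
  location: location
  properties: {
    serviceEndpointPolicyDefinitions: [
      {
        name: 'allow-storage1-only' // hypothetical name
        properties: {
          service: 'Microsoft.Storage'
          description: 'Subnet1 may reach storage1 only'
          serviceResources: [
            storage1.id
          ]
        }
      }
    ]
  }
}

// Subnet1 needs the Microsoft.Storage service endpoint enabled,
// with the policy attached to that subnet.
resource subnet1 'Microsoft.Network/virtualNetworks/subnets@2023-09-01' = {
  parent: vnet1
  name: 'Subnet1'
  properties: {
    addressPrefix: '10.0.0.0/24' // assumption: must match the existing subnet prefix
    serviceEndpoints: [
      {
        service: 'Microsoft.Storage'
      }
    ]
    serviceEndpointPolicies: [
      {
        id: allowStorage1.id
      }
    ]
  }
}
```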
This is a practice question and answer, with a detailed explanation, for the Designing and Implementing Microsoft Azure Networking Solutions (AZ-700) certification exam.