
AZ-700: How to Block Traffic to All Azure Storage Accounts with Minimal Effort in Azure Virtual Networks?

Learn how to efficiently block traffic to Azure storage accounts using service tags in your Azure Virtual Network. This guide covers minimizing administrative effort when managing NSG rules in Azure, essential for the AZ-700 certification exam.


Question

You have an Azure subscription that contains an Azure Virtual Network named VNet1. VNet1 contains a subnet named Subnet1. A network security group (NSG) named NSG1 is associated with Subnet1.
The subscription contains 25 storage accounts.
You plan to create an NSG rule named Rule1 that will block traffic to all the storage accounts.
You need to reference all the public IP addresses of the storage accounts in Rule1. The solution must minimize administrative effort.
What should you use?

A. application security groups
B. Microsoft peering
C. service endpoints
D. service tags

Answer

D. service tags

Explanation

Service tags are used to identify groups of public IP addresses for Azure resources.
Application security groups are a way to tag a set of virtual machines or resources on a virtual network to be used in an NSG rule. Microsoft peering is used to connect an on-premises network to Azure public resources. A service endpoint is used to connect resources on a virtual network to public Azure resources over the Microsoft backbone.
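As an added illustration (not part of the original question or answer key), this Bicep fragment shows what Rule1 looks like when the `Storage` service tag stands in for the individual public IP addresses. The priority value, the outbound direction, the `VirtualNetwork` source and the API version are assumptions chosen for the example; NSG1 is assumed to exist in the resource group being deployed to.

```bicep
// Added example: Rule1 on NSG1, using the Storage service tag as the destination.
// Assumption: NSG1 already exists in the target resource group.
resource nsg1 'Microsoft.Network/networkSecurityGroups@2023-09-01' existing = {
  name: 'NSG1'
}

resource rule1 'Microsoft.Network/networkSecurityGroups/securityRules@2023-09-01' = {
  parent: nsg1
  name: 'Rule1'
  properties: {
    description: 'Deny traffic from the virtual network to Azure Storage'
    // Assumption: 100 is free in NSG1. Any value below 65001 works, because the
    // default AllowInternetOutBound rule (priority 65001) would otherwise
    // permit traffic to the storage public endpoints.
    priority: 100
    // Traffic "to" the storage accounts leaves Subnet1, so the rule is outbound.
    direction: 'Outbound'
    access: 'Deny'
    protocol: '*'
    sourceAddressPrefix: 'VirtualNetwork'
    sourcePortRange: '*'
    // The service tag replaces a hand-maintained list of storage IP ranges.
    // Microsoft keeps the prefixes behind the tag up to date, so the rule
    // needs no edits when storage accounts are added or addresses change.
    // A regional form such as 'Storage.WestEurope' narrows the scope.
    destinationAddressPrefix: 'Storage'
    destinationPortRange: '*'
  }
}
```

The `Storage` tag covers the Azure Storage service as a whole, not only the 25 accounts in this subscription, so the rule also blocks storage accounts owned by other tenants.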
