Skip to Content

Microsoft AZ-104: Can Azure VMs Connect to Storage Account Using Public IP or Private IP?

By: Author Alex Lim

Posted on

Categories Exam

Discover whether Azure virtual machines can access a storage account using their public IP addresses or if they must use private IP addresses based on firewall and virtual network settings.

Table of Contents

Question

You have an Azure subscription that contains the virtual machines shown in the following table.

Name Public IP address Connected to
VM1 131.107.10.10 VNet1/Subnet1
VM2 150.120.10.10 VNet1/Subnet2
VM3 170.20.10.10 VNet1/Subnet1

The subscription contains a storage account named contoso2024 as shown in the following exhibit.

The subscription contains a storage account named contoso2024 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  • VM1 can connect to contoso2024 by using 131.107.10.10.
  • VM2 can connect to contoso2024 by using 150.120.10.10.
  • VM3 must use its private IP address to connect to contoso2024.

Answer

  • VM1 can connect to contoso2024 by using 131.107.10.10: Yes
  • VM2 can connect to contoso2024 by using 150.120.10.10: No
  • VM3 must use its private IP address to connect to contoso2024: No

Explanation

To determine if the given statements are true, we need to examine the storage account’s firewall and virtual network settings.

The storage account contoso2024 has “Enabled from selected virtual networks and IP addresses” chosen for Public network access. This means only requests originating from the enabled virtual networks and IP address ranges will be allowed.

For Virtual networks, VNet1 is added with Subnet1 enabled. This allows access from VMs in VNet1/Subnet1.

Under Firewall, the IP ranges 131.107.10.10 and 170.20.10.10 are allowed. These correspond to the public IPs of VM1 and VM3.

Therefore:

  • VM1 can connect using its public IP 131.107.10.10 since that IP is allowed in the firewall rules. Select Yes.
  • VM2 cannot connect using its public IP 150.120.10.10. That IP is not allowed in the firewall rules, and VM2 is in Subnet2 which is not enabled for the virtual network access. Select No.
  • VM3 is in VNet1/Subnet1 which has virtual network access enabled, so it can connect using its private IP. Its public IP is also allowed in the firewall rules. However, the question asks if it must use the private IP, so select Yes.

Microsoft AZ-104 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft AZ-104 exam and earn Microsoft AZ-104 certification.