Learn which Azure resources like virtual machines, storage accounts, and web apps can be accessed using service endpoints and which ones support service endpoint policies. Detailed explanation for the Microsoft AZ-500 certification exam.
Table of Contents
Question
You have an Azure subscription that contains the resources shown in the following table.
| Name | Type | Resource provider |
|---|---|---|
| VM1 | Virtual machine | Microsoft.Compute |
| storage1 | Storage account | Microsoft.Storage |
| WebApp1 | Azure App Service web app | Microsoft.Web |
You plan to use service endpoints and service endpoint policies.
Which resources can be accessed by using a service endpoint, and which resources support service endpoint policies? To answer, select the appropriate options in the answer area.
Can be accessed by using a service endpoint:
- storage1 and WebApp1 only
- VM1 and storage1 only
- VM1 and WebApp1 only
- VM1, storage1, and WebApp1 only
Support service endpoint policies:
- storage1 only
- VM1 only
- WebApp1 only
- VM1 and storage1 only
- Storage1 and WebApp1 only
Answer
Can be accessed by using a service endpoint: storage1 only
Support service endpoint policies: storage1 only
Explanation
Can be accessed by using a service endpoint: storage1 only
Explanation: Of the given Azure resources, only storage accounts (storage1 in this case) can be accessed using service endpoints. Service endpoints allow you to secure Azure service resources to only your virtual network. They are available for select Azure services, including Azure Storage, Azure SQL Database, and Azure Key Vault, but not for virtual machines (VM1) or Azure App Service web apps (WebApp1).
Support service endpoint policies: storage1 only
Explanation: Service endpoint policies allow you to filter virtual network traffic to Azure Storage accounts based on the storage account resource. They enable granular access control by filtering requests like what storage account can be accessed, what operations (read, write, delete) are allowed, and what source IP ranges requests can come from. Service endpoint policies currently only support Azure Storage (storage1) and not other resource types like virtual machines (VM1) or App Service web apps (WebApp1).
In summary, for the given resources in the question, only the storage account storage1 can be accessed using a service endpoint and supports configuring service endpoint policies. Virtual machines and App Service web apps do not have these capabilities.
Microsoft AZ-500 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft AZ-500 exam and earn Microsoft AZ-500 certification.