- Home
- Microsoft
- Designing and Implementing Microsoft Azure Networking Solutions
- Microsoft.AZ-700.v2024-02-19.q92
- Question 15
Valid AZ-700 Dumps shared by ExamDiscuss.com for Helping Passing AZ-700 Exam! ExamDiscuss.com now offer the newest AZ-700 exam dumps, the ExamDiscuss.com AZ-700 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com AZ-700 dumps with Test Engine here:
Access AZ-700 Dumps Premium Version
(398 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 15/92
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer: A,C
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview
- Question List (92q)
- Question 1: For each of the following statements, select Yes if the stat...
- Question 2: You have an Azure subscription that is linked to an Azure AD...
- Question 3: You have an Azure subscription that contains a virtual netwo...
- Question 4: You have an Azure subscription that contains the public IP a...
- 1 commentQuestion 5: You have an Azure virtual network named Vnet1 that contains ...
- Question 6: You have an Azure subscription that is linked to an Azure Ac...
- Question 7: You have five virtual machines that run Windows Server. Each...
- 1 commentQuestion 8: You have an Azure subscription that contains the resources s...
- Question 9: You have an Azure Front Door instance that provides access t...
- 1 commentQuestion 10: Your on-premises network contains the subnets shown in the f...
- 1 commentQuestion 11: You have an Azure virtual network named Vnet1 that has one s...
- Question 12: Note: This question is part of a series of questions that pr...
- Question 13: Your company has a single on-premises datacenter in New York...
- Question 14: You have an Azure subscription You plan to use Azure Virtual...
- 1 commentQuestion 15: You have an Azure virtual network named Vnet1. You need to e...
- Question 16: You plan to publish a website that will use an FQDN of www.c...
- Question 17: You have an Azure virtual network named Vnet1 that contains ...
- Question 18: Your company has 10 instances of a web service. Each instanc...
- Question 19: Your company has an office in New York. The company has an A...
- Question 20: You have Azure App Service apps in the West US Azure region ...
- 1 commentQuestion 21: You have two Azure subscriptions named Subscription1 and Sub...
- Question 22: Task 8 You need to ensure that the storage34280945 storage a...
- Question 23: You have an Azure virtual network named Vnet1 that hosts an ...
- 1 commentQuestion 24: You are planning an Azure Front Door deployment that will co...
- Question 25: You have an on-premises network. You have an Azure subscript...
- Question 26: You have an Azure subscription that contains the virtual net...
- Question 27: You have an Azure application gateway named AppGW1 that bala...
- Question 28: You have an Azure virtual network and an on-premises datacen...
- Question 29: You have an internal Basic Azure Load Balancer named LB1 Tha...
- Question 30: You need to ensure that connections to the storage34280945 s...
- Question 31: You have an Azure subscription that contains a virtual netwo...
- Question 32: Note: This question is part of a series of questions that pr...
- Question 33: You have an Azure subscription that contains a virtual netwo...
- Question 34: Which virtual machines can VM1 and VM4 ping successfully? To...
- Question 35: You have an Azure subscription that contains the public IPv4...
- 1 commentQuestion 36: Your company has five offices. Each office has a firewall de...
- Question 37: You plan to configure BGP for a Site-to-Site VPN connection ...
- Question 38: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 39: You have 10 Azure App Service instances. Each instance hosts...
- Question 40: You have two Azure subscriptions named Subscnption1 and Subs...
- 2 commentQuestion 41: You have the Azure virtual networks shown in the following t...
- Question 42: You need to configure the default route in Vnet2 and Vnet3. ...
- Question 43: You have 10 on-premises networks that are connected by using...
- Question 44: You have an Azure virtual network that contains a subnet nam...
- Question 45: You have an Azure subscription that contain a viral network ...
- Question 46: You have three on-premises networks. You have an Azure subsc...
- Question 47: You need to implement a P2S VPN for the users in the branch ...
- Question 48: Task 5 You need to ensure that requests for wwwjelecloud.com...
- Question 49: You have the network security groups (NSGs) shown in the fol...
- Question 50: Note: This question is part of a series of questions that pr...
- Question 51: You create NSG10 and NSG11 to meet the network security requ...
- 1 commentQuestion 52: You have the Azure resources shown in the following table. (...
- Question 53: You have an Azure subscription that contains an Azure App Se...
- 1 commentQuestion 54: In which NSGs can you use ASG1 and to which virtual machine ...
- 1 commentQuestion 55: You have the Azure virtual networks shown in the following t...
- 1 commentQuestion 56: You have an Azure subscription that contains an app named Ap...
- Question 57: You have an Azure subscription. You have the on-premises sit...
- Question 58: You have the Azure Traffic Manager profiles shown in the fol...
- Question 59: You have an Azure subscription that contains an Azure key va...
- 1 commentQuestion 60: Your company has 40 branch offices across North America and ...
- Question 61: You have an Azure private DNS zone named contoso.com that is...
- Question 62: You have an Azure subscription that contains the resources s...
- 1 commentQuestion 63: You need to connect an on-premises network and an Azure envi...
- Question 64: You have a network security group named NSG1. You need to en...
- 1 commentQuestion 65: You have the network topology shown in the Topology exhibit....
- Question 66: Note: This question is part of a series of questions that pr...
- Question 67: Note: This question is part of a series of questions that pr...
- Question 68: You have the Azure environment shown in the following exhibi...
- Question 69: You configure a route table named RT1 that has the routes sh...
- Question 70: You have an Azure application gateway named AppGW1 that prov...
- Question 71: Your on-premises network contains a VPN device. You have an ...
- Question 72: Note: This question is part of a series of questions that pr...
- Question 73: Task 7 You need to ensure that hosts on VNET2 can access hos...
- Question 74: You have an Azure subscription that contains the following r...
- Question 75: You have the hybrid network shown in the Network Diagram exh...
- Question 76: You need to recommend a configuration for the ExpressRoute c...
- Question 77: You have two Azure virtual networks named Vnet1 and Vnet2 in...
- Question 78: You are configuring two network virtual appliances (NVAs) in...
- 1 commentQuestion 79: You plan to deploy an Azure virtual network. You need to des...
- 1 commentQuestion 80: Your company, named Contoso, Ltd, has an Azure subscription ...
- Question 81: You need to restrict traffic from VMScaleSet1 to VMScaleSet2...
- Question 82: You have an application named App1 that listens for incoming...
- Question 83: You have an Azure subscription that contains an app named Ap...
- Question 84: For each of the following statements, select Yes if the stat...
- Question 85: You need to use Traffic Analytics to monitor the usage of ap...
- Question 86: You have a website that uses an FQDN of www.contoso.com. The...
- Question 87: You have an Azure Front Door instance named FD1 that is prot...
- 1 commentQuestion 88: You have an Azure virtual network named Vnet1 and an on-prem...
- Question 89: You have the Azure resources shown in the following table. (...
- Question 90: You have an on-premises network. You have an Azure subscript...
- Question 91: Task 10 You need to configure VNET1 to log all events and me...
- Question 92: You have the Azure load balancer shown in the Load Balancer ...
Recent Comments (The most recent comments are at the top.)
The correct answers are:
A. an allow rule that has the IP address range of Vnet1 as the source and destination of Sq1.EastUS
D. a deny rule that has the IP address range of Vnet1 as the source and destination of Storage
Explanation:
A. This allow rule will permit the virtual machines in Vnet1 to access the Azure SQL resources in the East US region. The source and destination of the rule should be the IP address range of Vnet1, which will allow the VMs to communicate with the SQL resources.
D. This deny rule will prevent the virtual machines in Vnet1 from accessing any Azure Storage resources. The source and destination of the rule should be the IP address range of Vnet1, which will block the VMs from communicating with the Storage resources.
B. This deny rule is not necessary, as the default behavior of an NSG is to deny any traffic that is not explicitly allowed. There is no need to create a separate deny rule for the VirtualNetwork source and Sq1 destination.
C. This deny rule is not relevant to the given scenario, as it would block access to the 168.63.129.0/24 IP address range, which is used for internal Azure infrastructure purposes and not related to the requirement of restricting access to Azure Storage resources.
Therefore, the two outbound NSG rules that should be created are the allow rule for Vnet1 to Sq1.EastUS (A) and the deny rule for Vnet1 to Storage (D).
Citations:
[1] https://learn.microsoft.com/en-us/sql/relational-databases/security/ledger/ledger-nsg-policies-configure?view=sql-server-ver16
[2] https://learn.microsoft.com/en-us/azure/azure-sql/database/vnet-service-endpoint-rule-overview?view=azuresql
[3] https://www.cloudbolt.io/azure-costs/azure-nsg/
[4] https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
[5] https://www.site24x7.com/learn/azure-network-security-groups.html...