AZ-500 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-500 Exam - Question 457

DRAG DROP

-

You have an Azure subscription that contains the resources shown in the following table.

Exam AZ-500 Question 457

You need to configure network connectivity to meet the following requirements:

• Communication from VM1 to storage1 must traverse an optimized Microsoft backbone network.

• All the outbound traffic from VM1 to the internet must be denied.

• The solution must minimize costs and administrative effort.

What should you configure for VNet1 and NSG1? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Exam AZ-500 Question 457
Show Answer
Correct Answer:
Exam AZ-500 Question 457

Discussion

4 comments
Sign in to comment
elster
Mar 28, 2024

VNet1: service endpoint NSG1: service tag (Internet) within a deny inbound rule

jorgesoma
Jul 1, 2024

within a deny OUTBOUND rule

Hot_156
Mar 6, 2025

WRONG!!!!!!! VNet1 - Private-endpoint - It is expensive than the service-endpoint, true! BUT! This is not cross-regional. It won't work! NSG1 - Service tag.

Pamban
Apr 17, 2024

2nd answer is wrong. It should be service tag. NSG: Service Tag Nsg and route table are 2 different things

ITFranz
Apr 27, 2024

The answer can be found here. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview Pricing and limits There's no extra charge for using service endpoints. The current pricing model for Azure services (Azure Storage, Azure SQL Database, etc.) applies as-is today. There's no limit on the total number of service endpoints in a virtual network. Certain Azure services, such as Azure Storage Accounts, may enforce limits on the number of subnets used for securing the resource. Refer to the documentation for various services in the Next steps section for details. https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/security/security-service-tags An Azure service tag represents a group of IP addresses from/to which traffic from a specific service may come, which allows you to set up firewalls for a specific service to allow only traffic from certain services. Answer = VNET = Service Endpoint NSG = Service Tag

Inkster
Apr 18, 2025

For question 1: Azure service endpoints are designed to provide secure and direct connectivity to Azure services over the Azure backbone network. However, they are not intended for cross-region connectivity. This means that if you have a virtual network (VNet) in East US and a storage account in West US, you cannot use a service endpoint to connect them directly. using a private endpoint would be a suitable solution for your scenario. Private endpoints allow you to securely connect to Azure services over a private IP address within your virtual network, regardless of the region