New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-104 Exam - Topic 4 Question 112 Discussion

Actual exam question for Microsoft's AZ-104 exam
Question #: 112
Topic #: 4
[All AZ-104 Questions]

You have an Azure subscription that contains 10 virtual machines, a key vault named Vault 1, and a network security group (NSG) named NSG1. All the resources are deployed to the East US Azure region.

The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet.

You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative effort.

What should you configure as the destination of the outbound security rule for NSG1?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Temeka at Dec 05, 2024, 03:48 PM

Limited Time Offer

25%

Off

Get Premium AZ-104 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Louvenia
3 months ago
Surprised this isn't more straightforward!
upvoted 0 times
...
Lon
3 months ago
Definitely need to use the least privilege principle here.
upvoted 0 times
...
Tish
3 months ago
Isn't it risky to allow outbound traffic at all?
upvoted 0 times
...
Royal
4 months ago
I think an application security group could work too.
upvoted 0 times
...
Toshia
4 months ago
A service tag is the way to go!
upvoted 0 times
...
Frederica
4 months ago
I feel like the service tag is the best option here since it aligns with least privilege and minimizes admin effort.
upvoted 0 times
...
Mollie
4 months ago
I practiced a similar question where we had to allow access to a key vault. I think using an IP address range might be too broad for this scenario.
upvoted 0 times
...
Deane
4 months ago
I'm not entirely sure, but I think application security groups could also work here. They allow for more granular control, right?
upvoted 0 times
...
Johnathon
5 months ago
I remember something about service tags being used for Azure resources. They might simplify the configuration for NSGs.
upvoted 0 times
...
Johna
5 months ago
I'm leaning towards C, an IP address range. That way, I can specifically allow access to the key vault's IP address and nothing else. Seems more secure than a broad service tag, even if it takes a bit more work to set up.
upvoted 0 times
...
Vince
5 months ago
Definitely option A for me. Service tags are the way to go - they're easy to set up and maintain, and they'll give the VMs access to the key vault without exposing the whole internet. Seems like the most efficient solution.
upvoted 0 times
...
Ivette
5 months ago
Hmm, I'm a bit confused on this one. I'm not sure if using a service tag is the best approach since the question mentions minimizing administrative effort. Maybe an application security group would be better?
upvoted 0 times
...
Alisha
5 months ago
I think the key here is to use the principle of least privilege, so I'd go with option A and use a service tag. That way, the VMs can access the key vault without needing to open up the whole internet.
upvoted 0 times
...
Ahmed
1 year ago
Guys, let's not overthink this. Just use a service tag and call it a day. It's the 'principle of least privilege', not the 'principle of maximum confusion'.
upvoted 0 times
Diane
1 year ago
No, using an IP address range would not be the best option in this scenario. Stick to the service tag for simplicity.
upvoted 0 times
...
Celeste
1 year ago
C) an IP address range
upvoted 0 times
...
Carey
1 year ago
Exactly, using a service tag will allow access to Vault1 while still following the principle of least privilege.
upvoted 0 times
...
Antonio
1 year ago
A) a service tag
upvoted 0 times
...
...
Wilda
1 year ago
A service tag? Sounds like something out of a sci-fi novel. I'm sticking with good old IP addresses.
upvoted 0 times
Christoper
1 year ago
C) an IP address range
upvoted 0 times
...
Virgie
1 year ago
B) an application security group
upvoted 0 times
...
Wai
1 year ago
A) a service tag
upvoted 0 times
...
...
Sheron
1 year ago
C looks good to me. Just specify the IP range and you're all set. Easy peasy.
upvoted 0 times
...
Loren
1 year ago
I'm going with B. Application security groups are the new hotness for this kind of thing.
upvoted 0 times
Gerald
1 year ago
B) an application security group
upvoted 0 times
...
...
Donte
1 year ago
That's a good point, Clay. Using a service tag could indeed be a more efficient solution.
upvoted 0 times
...
Clay
1 year ago
But wouldn't using a service tag be more secure and easier to manage in the long run?
upvoted 0 times
...
Luisa
1 year ago
A service tag is the way to go. Keeps things simple and secure.
upvoted 0 times
Rosita
1 year ago
Definitely, using a service tag is the best option in this scenario.
upvoted 0 times
...
Mona
1 year ago
A) a service tag
upvoted 0 times
...
...
Timothy
1 year ago
I agree with Donte. Configuring an IP address range would be the best option to allow access to Vault1.
upvoted 0 times
...
Donte
1 year ago
I think we should configure an IP address range as the destination.
upvoted 0 times
...

Save Cancel