New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-204 Exam - Topic 3 Question 127 Discussion

Actual exam question for Microsoft's AZ-204 exam
Question #: 127
Topic #: 3
[All AZ-204 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this question, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a solution that will be deployed to an Azure Kubernetes Service (AKS) cluster. The solution will include a custom VNet, Azure Container Registry images, and an Azure Storage account.

The solution must allow dynamic creation and management of all Azure resources within the AKS cluster.

You need to configure an AKS cluster for use with the Azure APIs.

Solution: Create an AKS cluster that supports network policy. Create and apply a network to allow traffic only from within a defined namespace.

Does the solution meet the goal?

Show Suggested Answer Hide Answer
Suggested Answer: A

When you run modern, microservices-based applications in Kubernetes, you often want to control which components can communicate with each other. The principle of least privilege should be applied to how traffic can flow between pods in an Azure Kubernetes Service (AKS) cluster. Let's say you likely want to block traffic directly to back-end applications. The Network Policy feature in Kubernetes lets you define rules for ingress and egress traffic between pods in a cluster.


https://docs.microsoft.com/en-us/azure/aks/use-network-policies

by Dante at Jan 25, 2026, 06:38 PM

Limited Time Offer

25%

Off

Get Premium AZ-204 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kimberlie
5 days ago
I feel like the network policy is a good start, but I wonder if we need to specify more about the dynamic resource management part in the solution.
upvoted 0 times
...
Julene
10 days ago
This sounds similar to a practice question we did about securing AKS clusters. I think we also had to consider ingress and egress rules.
upvoted 0 times
...
Sheridan
15 days ago
I'm not entirely sure if just applying a network policy is enough to meet the goal. I remember something about needing to configure RBAC as well.
upvoted 0 times
...
Merilyn
20 days ago
I'm a bit confused by the requirement to "allow dynamic creation and management of all Azure resources within the AKS cluster." Does that mean I need to set up some kind of infrastructure-as-code or automation to provision the Azure resources, or is there a more manual way to do it? I'll need to research the best practices for managing Azure resources from within an AKS cluster.
upvoted 0 times
...
Noe
25 days ago
This seems straightforward enough. I'd start by creating the AKS cluster with network policy support, then use Kubernetes network policies to restrict traffic to the desired namespace. The tricky part might be integrating that with the Azure APIs, but I think if I can get the network policy set up correctly, the rest should fall into place.
upvoted 0 times
...
Irving
1 month ago
Okay, so we need to create an AKS cluster that supports network policy, and then create and apply a network policy to allow traffic only from within a defined namespace. That makes sense, but I'm not sure how to actually implement that in practice. I'll need to review the documentation on network policies in AKS.
upvoted 0 times
...
Noah
1 month ago
I think I can approach this by first understanding the requirements - we need to configure an AKS cluster to work with Azure APIs, and the solution must allow dynamic creation and management of all Azure resources within the AKS cluster. The key seems to be setting up the network policy to restrict traffic to a defined namespace.
upvoted 0 times
...

Save Cancel