Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-700 Exam - Topic 2 Question 87 Discussion

You have an on-premises network named Site1.You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.You need to control access to storage1 from Site1 by using network security groups (NSGs).What should you do first?
C) Configure a network policy for private endpoints on Subnet1.
A) Associate a route table with Subnet1.
B) Associate a NAT gateway with Subnet1.
D) Create a subnet delegation on Subnet1.

Microsoft AZ-700 Exam - Topic 2 Question 87 Discussion

Actual exam question for Microsoft's AZ-700 exam
Question #: 87
Topic #: 2
[All AZ-700 Questions]

You have an on-premises network named Site1.

You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.

You need to control access to storage1 from Site1 by using network security groups (NSGs).

What should you do first?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Holley at Jul 14, 2025, 11:07 PM

Limited Time Offer

25%

Off

Get Premium AZ-700 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Shenika
6 months ago
Subnet delegation seems unnecessary here, stick with C!
upvoted 0 times
...
Sharan
6 months ago
A route table won't help with NSGs, so C makes sense.
upvoted 0 times
...
Demetra
6 months ago
Totally agree, option C is the way to go!
upvoted 0 times
...
Maryann
6 months ago
Wait, are we sure that's the first step?
upvoted 0 times
...
Ceola
6 months ago
You need to configure a network policy for private endpoints first.
upvoted 0 times
...
Hannah
7 months ago
I feel like the NAT gateway option is not related to NSGs, but I can't recall exactly how it all fits together.
upvoted 0 times
...
Lea
7 months ago
I’m a bit confused about the options. I thought subnet delegation was important, but I’m not sure if it applies to controlling access to storage1.
upvoted 0 times
...
Shannan
7 months ago
I remember practicing a similar question where we had to set up NSGs, and I feel like associating a route table might be more relevant here.
upvoted 0 times
...
Kaycee
7 months ago
I think we need to configure a network policy for private endpoints on Subnet1, but I'm not entirely sure if that's the first step.
upvoted 0 times
...
Karima
8 months ago
I'm pretty confident that the correct answer is C. Configuring a network policy for the private endpoint on Subnet1 will allow us to control the access to the storage account from the on-premises network. The other options, like associating a route table or NAT gateway, don't seem directly relevant to the problem statement.
upvoted 0 times
...
Merrilee
8 months ago
Okay, let me think this through. Since the on-premises network is connected to the Azure VNet via a Site-to-Site VPN, we'll need to make sure the network traffic from Site1 is allowed to access the storage account. I think configuring a network policy for the private endpoint on Subnet1 might be the best place to start.
upvoted 0 times
...
Eric
8 months ago
Hmm, I'm a bit confused. The question mentions controlling access to the storage account, but it doesn't explicitly say we need to use an NSG. I'm not sure if that's the right approach or if there's something else we should be considering first.
upvoted 0 times
...
Alishia
8 months ago
I think the key here is to control access to the storage account from the on-premises network. Based on the information provided, it seems like we need to configure a network security group (NSG) on the subnet that the private endpoint is connected to.
upvoted 0 times
...
Quentin
10 months ago
Haha, B. Associate a NAT gateway? What kind of a joke is that? I'm going with C, no doubt about it.
upvoted 0 times
...
Pok
10 months ago
Hmm, I see your point. Maybe we should consider both options and evaluate which one would be more effective.
upvoted 0 times
...
Merilyn
10 months ago
I agree with Silva, setting up a route table seems like the right first step to me.
upvoted 0 times
...
Silva
10 months ago
But wouldn't associating a route table help in controlling access to storage1 from Site1?
upvoted 0 times
...
Joesph
10 months ago
This question is a piece of cake! C is definitely the correct answer. Configuring the network policy is crucial for securing the private endpoint.
upvoted 0 times
Maryanne
9 months ago
Definitely, C is the way to go to ensure security for the private endpoint in this scenario.
upvoted 0 times
...
Laquita
10 months ago
Agreed, setting up the network policy is key for controlling access to storage1 from Site1.
upvoted 0 times
...
Deonna
10 months ago
I think C is the right choice too. It's important to configure the network policy for private endpoints.
upvoted 0 times
...
...
Pok
10 months ago
I disagree, I believe we should configure a network policy for private endpoints on Subnet1.
upvoted 0 times
...
Silva
11 months ago
I think we should associate a route table with Subnet1 first.
upvoted 0 times
...
Cammy
11 months ago
B. Associate a NAT gateway with Subnet1? Really? That doesn't seem relevant to the question at all. I'm going with C.
upvoted 0 times
...
Laine
11 months ago
D. Create a subnet delegation on Subnet1 sounds like the way to go. That's probably the best way to manage the network security for the private endpoint.
upvoted 0 times
Kaycee
10 months ago
Yeah, that makes sense. It will help in controlling access to storage1 from Site1.
upvoted 0 times
...
Carmelina
10 months ago
I agree, creating a subnet delegation on Subnet1 seems like the right first step.
upvoted 0 times
...
...
Ruth
11 months ago
Hmm, I think the answer is C. Configuring a network policy for private endpoints on Subnet1 seems like the logical first step to control access to the storage account.
upvoted 0 times
Tamie
10 months ago
Yes, setting up the network policy for private endpoints on Subnet1 is definitely the first thing to do in this scenario.
upvoted 0 times
...
Cyril
10 months ago
I agree, that would be the best way to control access to the storage account from Site1.
upvoted 0 times
...
Kattie
10 months ago
I think you're right, configuring a network policy for private endpoints on Subnet1 is the first step.
upvoted 0 times
...
...

Save Cancel