Microsoft Exam AZ-700 Topic 3 Question 62 Discussion

Actual exam question for Microsoft's AZ-700 exam
Question #: 62
Topic #: 3

You have an Azure virtual network named Vnet1.

You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.

Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Suggested Answer: A

Here are the steps and explanations for creating the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN:

The object that you need to create is called a local network gateway. A local network gateway represents your on-premises network and VPN device in Azure. It contains the public IP address of your VPN device and the address prefixes of your on-premises network that you want to connect to the Azure virtual network [1].

To create a local network gateway, you need to go to the Azure portal and select Create a resource. Search for local network gateway, select Local network gateway, then select Create [2].

On the Create local network gateway page, enter or select the following information and accept the defaults for the remaining settings:

Name: Type a unique name for your local network gateway.

IP address: Type the public IP address of your VPN device, which is 131.107.50.60 in this case.

Address space: Type the internal address range of your on-premises network, which is 10.10.0.0/16 in this case.

Subscription: Select your subscription name.

Resource group: Select your resource group name.

Location: Select the same region as your virtual network.

Select Review + create and then select Create to create your local network gateway [2].


Contribute your Thoughts:

Karon
1 month ago
Alright, let's do this! Time to put on my network security wizard hat and nail this question.
upvoted 0 times
Edelmira
13 days ago
A) an allow rule that has the IP address range of Vnet1 as the source and destination of Sql.EastUS
upvoted 0 times
Reta
1 month ago
Haha, I bet the correct answer involves a lot of trial and error. Just like my last IT job, always guessing which firewall rules to set up!
upvoted 0 times
Dean
1 month ago
I'm not sure about option B. Why would I need to deny access to 168.63.129.0/24? That seems like an odd choice.
upvoted 0 times
Shawnna
2 days ago
User3: Option B is to prevent access to Azure SQL resources, while option C is to block access to a specific IP range.
upvoted 0 times
Noah
26 days ago
User2: I think option C is to deny access to Azure Storage resources specifically.
upvoted 0 times
Sue
27 days ago
User1: Option B is to deny access from the virtual network to the Azure SQL resources.
upvoted 0 times
Carma
2 months ago
But we also need to allow access to Azure SQL resources in the East US region. So, we should create an allow rule for that.
upvoted 0 times
Princess
2 months ago
I agree with Salome. We need to prevent the virtual machines from accessing Azure Storage.
upvoted 0 times
Tijuana
2 months ago
A and D seem like the obvious choices here. I need to allow access to the East US SQL resources and deny access to all Azure Storage resources.
upvoted 0 times
Pauline
9 days ago
That way we can prevent access to any Azure Storage resources.
upvoted 0 times
Kimbery
29 days ago
We also need to create a deny rule for the IP address range of Vnet1 to Storage.
upvoted 0 times
Regenia
1 month ago
Agreed, that will allow access to the East US SQL resources.
upvoted 0 times
Antonio
1 month ago
I think we should create an allow rule for the IP address range of Vnet1 to Sql.EastUS
upvoted 0 times
Salome
2 months ago
I think we should create a deny rule for Azure Storage resources.
upvoted 0 times