Microsoft Exam AZ-700 Topic 3 Question 62 Discussion

Actual exam question for Microsoft's AZ-700 exam
Question #: 62
Topic #: 3

You have an Azure virtual network named Vnet1.

You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.

Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Suggested Answer: A

Here are the steps and explanations for creating the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN:

The object that you need to create is called a local network gateway. A local network gateway represents your on-premises network and VPN device in Azure. It contains the public IP address of your VPN device and the address prefixes of your on-premises network that you want to connect to the Azure virtual network [1].

To create a local network gateway, you need to go to the Azure portal and select Create a resource. Search for local network gateway, select Local network gateway, then select Create [2].

On the Create local network gateway page, enter or select the following information and accept the defaults for the remaining settings:

Name: Type a unique name for your local network gateway.

IP address: Type the public IP address of your VPN device, which is 131.107.50.60 in this case.

Address space: Type the internal address range of your on-premises network, which is 10.10.0.0/16 in this case.

Subscription: Select your subscription name.

Resource group: Select your resource group name.

Location: Select the same region as your virtual network.

Select Review + create and then select Create to create your local network gateway [2].


Contribute your Thoughts:

Karon
2 months ago
Alright, let's do this! Time to put on my network security wizard hat and nail this question.
upvoted 0 times
Raina
10 days ago
C) a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
upvoted 0 times
...
Arlean
12 days ago
B) a deny rule that has a source of VirtualNetwork and a destination of Sql
upvoted 0 times
...
Edelmira
1 months ago
A) an allow rule that has the IP address range of Vnet1 as the source and destination of Sql.EastUS
upvoted 0 times
...
...
Reta
2 months ago
Haha, I bet the correct answer involves a lot of trial and error. Just like my last IT job, always guessing which firewall rules to set up!
upvoted 0 times
...
Dean
2 months ago
I'm not sure about option B. Why would I need to deny access to 168.63.129.0/24? That seems like an odd choice.
upvoted 0 times
Jesusita
13 days ago
User1: So, we need both options B and C to achieve the desired outcome.
upvoted 0 times
...
Shawnna
22 days ago
User3: Option B is to prevent access to Azure SQL resources, while option C is to block access to a specific IP range.
upvoted 0 times
...
Noah
2 months ago
User2: I think option C is to deny access to Azure Storage resources specifically.
upvoted 0 times
...
Sue
2 months ago
User1: Option B is to deny access from the virtual network to the Azure SQL resources.
upvoted 0 times
...
...
Carma
2 months ago
But we also need to allow access to Azure SQL resources in the East US region. So, we should create an allow rule for that.
upvoted 0 times
...
Princess
2 months ago
I agree with Salome. We need to prevent the virtual machines from accessing Azure Storage.
upvoted 0 times
...
Tijuana
2 months ago
A and D seem like the obvious choices here. I need to allow access to the East US SQL resources and deny access to all Azure Storage resources.
upvoted 0 times
Pauline
29 days ago
That way we can prevent access to any Azure Storage resources.
upvoted 0 times
...
Kimbery
2 months ago
We also need to create a deny rule for the IP address range of Vnet1 to Storage.
upvoted 0 times
...
Regenia
2 months ago
Agreed, that will allow access to the East US SQL resources.
upvoted 0 times
...
Antonio
2 months ago
I think we should create an allow rule for the IP address range of Vnet1 to Sql.EastUS
upvoted 0 times
...
...
Salome
3 months ago
I think we should create a deny rule for Azure Storage resources.
upvoted 0 times
...
