Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Microsoft Exam AZ-700 Topic 3 Question 62 Discussion

Actual exam question for Microsoft's AZ-700 exam
Question #: 62
Topic #: 3
[All AZ-700 Questions]

You have an Azure virtual network named Vnet1.

You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.

Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer: A

Here are the steps and explanations for creating the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN:

The object that you need to create is called a local network gateway. A local network gateway represents your on-premises network and VPN device in Azure. It contains the public IP address of your VPN device and the address prefixes of your on-premises network that you want to connect to the Azure virtual network1.

To create a local network gateway, you need to go to the Azure portal and selectCreate a resource. Search forlocal network gateway, selectLocal network gateway, then selectCreate2.

On theCreate local network gatewaypage, enter or select the following information and accept the defaults for the remaining settings:

Name: Type a unique name for your local network gateway.

IP address: Type the public IP address of your VPN device, which is 131.107.50.60 in this case.

Address space: Type the internal address range of your on-premises network, which is 10.10.0.0/16 in this case.

Subscription: Select your subscription name.

Resource group: Select your resource group name.

Location: Select the same region as your virtual network.

SelectReview + createand then selectCreateto create your local network gateway2.


by Melynda at Jun 24, 2024, 09:28 PM

Limited Time Offer

25%

Off

Get Premium AZ-700 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Karon
1 days ago
Alright, let's do this! Time to put on my network security wizard hat and nail this question.
upvoted 0 times
...
Reta
4 days ago
Haha, I bet the correct answer involves a lot of trial and error. Just like my last IT job, always guessing which firewall rules to set up!
upvoted 0 times
...
Dean
12 days ago
I'm not sure about option B. Why would I need to deny access to 168.63.129.0/24? That seems like an odd choice.
upvoted 0 times
...
Carma
18 days ago
But we also need to allow access to Azure SQL resources in the East US region. So, we should create an allow rule for that.
upvoted 0 times
...
Princess
20 days ago
I agree with Salome. We need to prevent the virtual machines from accessing Azure Storage.
upvoted 0 times
...
Tijuana
23 days ago
A and D seem like the obvious choices here. I need to allow access to the East US SQL resources and deny access to all Azure Storage resources.
upvoted 0 times
Regenia
5 days ago
Agreed, that will allow access to the East US SQL resources.
upvoted 0 times
...
Antonio
9 days ago
I think we should create an allow rule for the IP address range of Vnet1 to Sq1.EastUS
upvoted 0 times
...
...
Salome
26 days ago
I think we should create a deny rule for Azure Storage resources.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77