AZ-104 Question #827: Real Exam Question with Answer & Explanation
This question tests understanding of Azure Service Endpoint Policies, which allow you to filter virtual network traffic to specific Azure service resources, permitting only approved resources over service endpoints.
Question
Hotspot Question
You have an Azure subscription that contains the virtual networks shown in the following table.
You add a service endpoint to each subnet as shown in the following table.
You create the service endpoint policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation
Approach. Service endpoint policies work by being associated with subnets that already have a service endpoint configured for a particular service (e.g., Azure Storage). Once a policy is applied to a subnet, only traffic destined for the specific storage accounts/resources listed in the policy is permitted; all other traffic to that service is denied.
To evaluate each statement, you must check: (1) whether the subnet has the correct service endpoint type enabled, (2) whether the service endpoint policy is associated with that subnet, and (3) whether the target resource (e.g., a specific storage account) is included in the policy definition.
If a subnet has a Storage service endpoint and a policy attached that only allows 'Storage Account A', then traffic to 'Storage Account B' would be blocked. If no policy is attached to a subnet, the service endpoint allows traffic to all resources of that service type.
Statements should be evaluated Yes if the combination of endpoint + policy permits the described traffic flow, and No if the policy restricts or the endpoint is missing.
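The three checks from the Approach paragraph, written as a small Python evaluator. This is an added example, not part of the original question or of any Azure SDK; the subnet names, subscription ID and account names are constructed, and matching a listed scope by resource-ID prefix (subscription, resource group or account) goes beyond the account-level case in the text.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Policy:
    service: str        # service the policy definition filters, e.g. "Microsoft.Storage"
    scopes: list        # allowed ARM resource IDs (constructed values below)

@dataclass
class Subnet:
    name: str
    endpoints: set = field(default_factory=set)   # service endpoint types enabled
    policy: Optional[Policy] = None               # associated policy, if any

def in_scope(resource_id, scope):
    """True when resource_id equals scope or sits beneath it.
    ARM IDs compare case-insensitively; the '/' guard keeps 'storagea'
    from matching 'storagea2'."""
    rid, sc = resource_id.lower().rstrip("/"), scope.lower().rstrip("/")
    return rid == sc or rid.startswith(sc + "/")

def evaluate(subnet, service, resource_id):
    """Return (allowed, reason) for traffic over the subnet's service endpoint."""
    if service not in subnet.endpoints:                       # check 1
        return False, "no service endpoint of this type on the subnet"
    pol = subnet.policy
    # Assumption: a policy only filters the service named in its definition.
    if pol is None or pol.service != service:                 # check 2
        return True, "no policy for this service: all its resources are reachable"
    if any(in_scope(resource_id, s) for s in pol.scopes):     # check 3
        return True, "resource is listed in the policy"
    return False, "policy attached, resource not listed"

# Constructed sample data (hypothetical names, placeholder subscription ID).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1"
ACCOUNT_A = RG + "/providers/Microsoft.Storage/storageAccounts/storagea"
ACCOUNT_B = RG + "/providers/Microsoft.Storage/storageAccounts/storageb"
ONLY_A = Policy("Microsoft.Storage", [ACCOUNT_A])
SUBNETS = {
    "filtered": Subnet("filtered", {"Microsoft.Storage"}, ONLY_A),
    "open": Subnet("open", {"Microsoft.Storage"}),
    "no-endpoint": Subnet("no-endpoint", set(), ONLY_A),
}

if __name__ == "__main__":
    for name, subnet in SUBNETS.items():
        for target in (ACCOUNT_A, ACCOUNT_B):
            print(name, target.rsplit("/", 1)[-1], evaluate(subnet, "Microsoft.Storage", target))
```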
Concept tested. Azure Service Endpoint Policies - understanding how service endpoints restrict network traffic to specific Azure PaaS resources at the subnet level, and how associating a policy with a subnet further limits which specific resource instances (e.g., particular storage accounts) are accessible over that endpoint.