AZ-500 Question #519: Real Exam Question with Answer & Explanation

Submitted by hans_de· Mar 6, 2026Configure and manage virtual networking - specifically implementing private access to Azure PaaS services using Private Endpoints and understanding sub-resource targeting and network scope limitations (AZ-104 / AZ-700 Networking domain)

Question

Hotspot Question You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. You have a storage account named contoso2024 that contains the following resources: - A container named Container1 that contains a file named File1 - A file share named Share1 that contains a file named File2 You create a private endpoint for contoso2024 as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Answer:

Explanation

The private endpoint for contoso2024 is created in VNet1, which is the same virtual network where VM1 resides, allowing VM1 to resolve and access the storage account's blob service (Container1/File1) via a private IP address. VM2 resides in VNet2, which is not peered or connected to VNet1, so it cannot reach the private endpoint's private IP address and therefore cannot access File1 or File2 via private IP. Additionally, the private endpoint shown in the exhibit is configured specifically for the 'blob' sub-resource (not 'file'), meaning even if VM2 could reach the endpoint, File2 on Share1 (which requires the 'file' sub-resource endpoint) would not be accessible through this private endpoint.

Topics

#Azure Private Endpoints#Azure Storage Networking#Virtual Network Connectivity#Azure Blob vs File Storage

Community Discussion

No community discussion yet for this question.

Full AZ-500 Practice Browse All AZ-500 Questions