
AZ-500 Question #574: Real Exam Question with Answer & Explanation

The correct answer is B: No.

Submitted by fatima_kr · Mar 6, 2026 · Secure compute, storage, and databases

Question

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have an Azure subscription that contains two virtual machines named VM1 and VM2. Each virtual machine has system-assigned managed identity enabled.

You have an Azure Storage account named storage1. Public access from all networks is enabled for storage1.

You need to ensure that VM1 and VM2 can access storage1.

Solution: You create a private endpoint on storage1.

Does this meet the goal?

Options

  • A. Yes
  • B. No

Explanation

  • You add each virtual machine to a security group, and then add the security group to a role on

    You can add Azure virtual machines to a security group and then assign a role to that security group to grant the virtual machines access to Azure resources. This allows you to manage access to Azure resources in a more organized and flexible way.
  • You create a private endpoint on storage1.
  • You create a user-assigned managed identity, assign the identity to each virtual machine, and then add each managed identity to a role on storage1.

    We already have managed identities.

To grant Azure VMs access to an Azure Storage account, you can use managed identities or configure the storage account's networking to allow access from the VM's virtual network.

Using managed identities:

  • Enable Managed Identity: Enable either system-assigned or user-assigned managed identity on
  • Grant Permissions: Assign the appropriate Azure role (e.g., Storage Blob Data Contributor or Storage Blob Data Reader) to the managed identity, allowing it to access the storage account's
  • Authentication: The VM can then use the managed identity to authenticate and access the storage account without needing to store access keys or other credentials on the VM.

https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/tutorial-windows-managed-identities-vm-access
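
The "Grant Permissions" step above can be audited offline. This added example (not part of the original page) checks constructed role-assignment records, with field names as in `az role assignment list` output, for a blob data role whose scope covers storage1 for each VM's managed identity. The subscription ID, principal IDs, the resource group `rg1` and the account `storage10` are assumptions made for illustration.

```python
# Added example; every ID, name and record below is constructed sample data.
BLOB_DATA_ROLES = {  # built-in roles granting blob data-plane access
    "Storage Blob Data Reader",
    "Storage Blob Data Contributor",
    "Storage Blob Data Owner",
}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG1 = SUB + "/resourceGroups/rg1"  # hypothetical resource group
ACCOUNTS = RG1 + "/providers/Microsoft.Storage/storageAccounts/"
STORAGE1 = ACCOUNTS + "storage1"

# principalId of each VM's system-assigned managed identity (constructed).
VM_PRINCIPALS = {
    "VM1": "11111111-1111-1111-1111-111111111111",
    "VM2": "22222222-2222-2222-2222-222222222222",
}
ASSIGNMENTS = [
    # Data role on the resource group: inherited by storage1.
    {"principalId": VM_PRINCIPALS["VM1"], "scope": RG1,
     "roleDefinitionName": "Storage Blob Data Reader"},
    # Control-plane role on storage1: not a blob data role.
    {"principalId": VM_PRINCIPALS["VM2"], "scope": STORAGE1,
     "roleDefinitionName": "Reader"},
    # Data role on a different account whose name merely starts with "storage1".
    {"principalId": VM_PRINCIPALS["VM2"], "scope": ACCOUNTS + "storage10",
     "roleDefinitionName": "Storage Blob Data Contributor"},
]

def scope_covers(scope, resource_id):
    """True if a role assigned at `scope` is inherited by `resource_id`."""
    scope, resource_id = scope.rstrip("/").lower(), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")

def blob_data_roles(assignments, principals, resource_id):
    """Map each VM name to the blob data roles that apply on resource_id."""
    by_id = {pid.lower(): name for name, pid in principals.items()}
    found = {name: [] for name in principals}
    for a in assignments:
        name = by_id.get(a["principalId"].lower())
        if (name and a["roleDefinitionName"] in BLOB_DATA_ROLES
                and scope_covers(a["scope"], resource_id)):
            found[name].append(a["roleDefinitionName"])
    return found

if __name__ == "__main__":
    for vm, roles in blob_data_roles(ASSIGNMENTS, VM_PRINCIPALS, STORAGE1).items():
        print(vm, roles if roles else "no blob data role on storage1")
```

In the sample data VM1 inherits its role from the resource group, while VM2 is reported without a blob data role because its only matching role is scoped to a different account.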
