AZ-700 · Question #353
AZ-700 Question #353: Real Exam Question with Answer & Explanation
The correct answer is A: To Policy1, add a resource.. Azure Service Endpoint Policies filter outbound traffic from a subnet to only the specified Azure Storage resources. When Azure Batch is deployed to a subnet that has a service endpoint policy, Batch compute nodes need to access not only the user's storage account (storage1) but
Question
You have an Azure subscription that contains the resources shown in the following table. Subnet1 is associated with a service endpoint policy named Policy1. Policy1 specifies a single resource that references storage1. To Subnet1, you deploy an Azure Batch pool named Pool1. You need to ensure that the compute resources in Pool1 can access storage1. What should you do?
Options
- ATo Policy1, add a resource.
- BTo Policy1, add an alias.
- CTo Subnet1, add a storage endpoint for the storage service.
- DTo Subnet1, add a subnet delegation.
Explanation
Azure Service Endpoint Policies filter outbound traffic from a subnet to only the specified Azure Storage resources. When Azure Batch is deployed to a subnet that has a service endpoint policy, Batch compute nodes need to access not only the user's storage account (storage1) but also Azure Batch's own internal/system storage accounts used for node bootstrapping, task output, and platform operations. Policy1 currently only references storage1, which is insufficient for Batch's operational requirements. The fix is to add the additional required resource (the Azure Batch service-associated storage) to Policy1. Option B (add an alias) is used for allowing entire service categories, which is broader than needed. Option C (add a storage endpoint) is already implied by having the policy. Option D (subnet delegation) controls which Azure services can be injected into the subnet, which is unrelated to the storage access filtering issue.
Community Discussion
No community discussion yet for this question.