Home › Azure AZ-500 › cloudcomputing › az500networking › Which Azure networking feature should a security…
Which Azure networking feature should a security engineer use to give an Azure storage account a VNet-tagged access path for resources inside that VNet — without setting up a Private Endpoint?
AVirtual network Service Endpoint (with storage firewall rules limiting access to that VNet)
BHardcoded credentials in source code
CPublic storage with anonymous read
DAzure DNS
Answer & Solution
Correct answer: A. Virtual network Service Endpoint (with storage firewall rules limiting access to that VNet)
Service Endpoints + storage firewall rules are the simpler VNet-tagged-access pattern (per AZ-500 §2 private access). The other options are insecure.
Related questions
Which Azure Virtual Network feature should a security engineer use to define custom routinWhich Azure tool should a security engineer use to capture and analyse VNet traffic flows Which Microsoft Defender for Cloud feature lets a security engineer OPEN management ports Which Azure service lets a security engineer SSH or RDP into a VM through the Azure portalWhich Azure networking feature should a security engineer use to give a VM-hosted workloadWhich Azure DDoS protection tier should a security engineer recommend for an internet-faciWhich Azure global edge service should a security engineer use to protect a globally-distrWhich Azure service is the canonical L7 application gateway with built-in Web Application