Home › Azure AZ-500 › cloudcomputing › az500defendersentinel › Which Azure Key Vault network setting should a s…
Which Azure Key Vault network setting should a security engineer enable to restrict access to specific VNet subnets + known IP ranges only — blocking access from the wider internet?
AAzure DNS
BKey Vault firewall rules + private endpoint (with public network access disabled)
CPublic access from anywhere with no firewall
DSharing Key Vault credentials publicly
Answer & Solution
Correct answer: B. Key Vault firewall rules + private endpoint (with public network access disabled)
Key Vault firewall + private endpoint restricts access (per AZ-500 §4 Key Vault network). The other options expose secrets.
Related questions
Which Azure feature should a security engineer use to BACK UP Key Vault keys + secrets + cWhich Azure governance service should a security engineer use to define and assign policieWhich Microsoft Sentinel feature lets a security engineer automatically respond to incidenWhich Microsoft Sentinel feature lets a security engineer define KQL queries that automatiWhich Microsoft Sentinel feature lets a security engineer ingest data from Azure / MicrosoWhich Microsoft service is Azure's cloud-native SIEM + SOAR — ingesting logs from many souWhich Microsoft Defender for Cloud feature lets a security engineer connect AWS / GCP enviWhich Microsoft Defender for Cloud plan should a security engineer enable to detect SQL in