Practice free →
HomeAzure AZ-500cloudcomputingaz500defendersentinel › Which Azure Key Vault network setting should a s…

Which Azure Key Vault network setting should a security engineer enable to restrict access to specific VNet subnets + known IP ranges only — blocking access from the wider internet?

AAzure DNS
BKey Vault firewall rules + private endpoint (with public network access disabled)
CPublic access from anywhere with no firewall
DSharing Key Vault credentials publicly
Answer & Solution
Correct answer: B. Key Vault firewall rules + private endpoint (with public network access disabled)
Key Vault firewall + private endpoint restricts access (per AZ-500 §4 Key Vault network). The other options expose secrets.
Solve this in the app — Azure AZ-500 practice & 24k+ MCQs →
Related questions