Microsoft Azure Administrator Associate AZ-104 Practice Question
A company requires that their Azure Storage account be accessible only through a private IP address within their virtual network, removing exposure to the public internet. What should an administrator configure to meet this requirement?
Apply a Network Security Group to the virtual network subnet
Use Shared Access Signatures with network restrictions
To ensure the storage account is accessible only via a private IP address within the virtual network, the administrator should set up a private endpoint for the storage account. A private endpoint assigns a network interface with a private IP in the virtual network to the storage service, enabling secure, private connectivity. Enabling service endpoints extends the virtual network identity to the storage account but still uses the public IP address of the service. Shared Access Signatures with network restrictions limit resource access but do not prevent public network exposure. Applying a Network Security Group controls traffic at the subnet level but cannot restrict access to the storage account over the public internet.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a private endpoint in Azure?
Open an interactive chat with Bash
What are service endpoints and how do they differ from private endpoints?
Open an interactive chat with Bash
What are Shared Access Signatures (SAS) and how do they enhance security?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access