Question 1

You have an Azure Virtual Network (VNet) containing several Virtual Machines.

The VMs need to access an Azure Storage account to read configuration files. The security team mandates that traffic between the VNet and the Storage account must NOT traverse the public internet. Furthermore, the VMs must only be able to access this specific Storage account, and access to any other Azure Storage accounts must be blocked at the network level.

Which feature should you implement?

Accepted Answer

Differentiate between Service Endpoints (grants access to the whole service) and Private Endpoints (grants access to a specific resource instance).

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Choosing Service Endpoints. While Service Endpoints keep traffic on the Azure backbone, they do not easily restrict access to a *single* storage account without additional complex configurations.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

More questions from this exam