ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 4.4: Network SolutionsDomain 4.4Private LinkPaaS Security
This question is part of a case study — click to read the full scenario(Case 51)

CASE STUDY: Contoso Ltd is a global financial services firm with 10,000 employees. They have a primary on-premises data center in London and a secondary in New York. They are migrating to Azure and require a hub-and-spoke network topology. Requirements: 1) Secure connectivity between on-premises and Azure with at least 5 Gbps throughput and redundancy. 2) Centralized inspection of all outbound internet traffic from spoke VNets. 3) Spoke VNets must communicate with each other securely. 4) PaaS services (Storage, SQL) must be accessed privately without traversing the public internet. 5) Web applications in spokes require WAF protection and global load balancing.

Question 1 of 5: To meet Requirement 1 (Secure connectivity with at least 5 Gbps throughput and redundancy), which hybrid connectivity solution should you recommend?

View full case study page →

AZ-305 · Question 54 · Domain 4.4: Network Solutions

CASE STUDY: Contoso Ltd is a global financial services firm with 10,000 employees. They have a primary on-premises data center in London and a secondary in New York. They are migrating to Azure and require a hub-and-spoke network topology. Requirements: 1) Secure connectivity between on-premises and Azure with at least 5 Gbps throughput and redundancy. 2) Centralized inspection of all outbound internet traffic from spoke VNets. 3) Spoke VNets must communicate with each other securely. 4) PaaS services (Storage, SQL) must be accessed privately without traversing the public internet. 5) Web applications in spokes require WAF protection and global load balancing.

Question 4 of 5: To meet Requirement 4 (PaaS services accessed privately without traversing the public internet), which technology should you implement?

Answer options:

A.

Service Endpoints.

B.

Azure Private Link (Private Endpoints).

C.

Azure VPN Gateway.

D.

Network Security Groups (NSGs).

How to approach this question

Differentiate between Service Endpoints and Private Endpoints.

Full Answer

B.Azure Private Link (Private Endpoints).✓ Correct
Azure Private Link enables you to access Azure PaaS Services (like Storage and SQL) over a Private Endpoint in your VNet. Traffic between your VNet and the service travels the Microsoft backbone network, eliminating exposure to the public internet.

Common mistakes

Selecting Service Endpoints, which do not allow on-premises access via ExpressRoute/VPN natively like Private Endpoints do.
53All questions55

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 6

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Contoso Ltd is a global manufacturing company with 50,000 employees. They operate a mix of on-pre...MediumQ02A financial institution has 500 Windows Server VMs on-premises and 200 VMs in Azure. They need to...HardQ03An enterprise uses Azure Sentinel and Log Analytics. They ingest 500 GB of logs daily. The IT bud...HardQ04You are designing a monitoring strategy for a new Azure deployment consisting of App Service, Azu...EasyQ05A healthcare company uses Microsoft Entra ID (Azure AD). They need to implement a security policy...Medium
View all 55 questions →