Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You are designing a new Azure Kubernetes Service (AKS) cluster for a confidential workload. Security requirements state that:

  • The Kubernetes API server endpoint must not be reachable from the public Internet.
  • Pods must be able to communicate with resources located in the same virtual network without network address translation (SNAT).

Which AKS deployment option satisfies both requirements?

  • Create an AKS public cluster behind an Application Gateway Ingress Controller with a private frontend.

  • Create an AKS private cluster that uses the Azure CNI network plugin.

  • Create an AKS public cluster that uses Kubenet networking and Azure Network Policies.

  • Create an AKS public cluster and restrict the API server using authorized IP address ranges.

Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot