Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You are securing an Azure Key Vault that stores encryption keys for Azure Backup. Only virtual machines located in the Prod subnet of a virtual network named VNet1 should be able to access the vault. Azure Backup must continue retrieving keys during backups. Which network configuration meets both requirements?

  • Configure the firewall to Allow selected networks, add the Prod subnet of VNet1, and enable the Allow trusted Microsoft services to bypass firewall option.

  • Set Public network access to Disabled and deploy a private endpoint for the vault in the Prod subnet.

  • Enable a Microsoft.KeyVault service endpoint on VNet1 and keep the firewall default action set to Allow.

  • Add the public IP addresses of the virtual machines to the vault firewall and clear the Allow trusted Microsoft services option.

Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot