Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You have an Azure Storage account named contososa and create a private endpoint for it in VNET1. Virtual machines in VNET1 resolve contososa.blob.core.windows.net to the private IP, but on-premises servers connected through a site-to-site VPN still receive the public IP. You must ensure on-premises servers use the private endpoint without changing connection strings. What should you do?

  • Add an A record for contososa.blob.core.windows.net in the on-premises DNS zone that points to the private IP address.

  • Disable public network access on the storage account.

  • Enable an Azure Storage service endpoint on the VPN gateway subnet.

  • Configure the on-premises DNS servers to forward the zone privatelink.blob.core.windows.net to a DNS forwarder hosted in VNET1.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot