Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage an Azure Key Vault named kv-prod. The security team requires that the vault be reachable only from resources deployed in subnet App1 of the Prod-Services virtual network. Azure Backup must still be able to perform backups of the vault. Which network configuration meets the requirements?

  • Disable public network access and add a firewall rule for the public IP range used by Azure Backup.

  • Enable public network access, set network rules to Selected networks, add the Prod-Services/App1 subnet, and keep the Allow trusted Microsoft services bypass option disabled.

  • Enable public network access, set network rules to Selected networks, add the Prod-Services/App1 subnet, and enable the Allow trusted Microsoft services bypass option.

  • Disable public network access, create a private endpoint in the Prod-Services/App1 subnet, and keep the Allow trusted Microsoft services bypass option disabled.

Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot