Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Your company has an Azure virtual network VNet1 with a subnet named AppSubnet hosting application servers. The applications use an Azure Storage account named contosodata. You must ensure traffic from AppSubnet to contosodata stays on the Microsoft backbone and that the storage firewall blocks internet-originated traffic, with minimal application changes. What should you do first?

  • Add a user-defined route on AppSubnet that sends all traffic destined for contosodata to the Internet next hop.

  • Enable the Microsoft.Storage service endpoint for AppSubnet, then add AppSubnet to the storage account's virtual network firewall rules.

  • Associate an application security group that contains the storage account with AppSubnet.

  • Create a private endpoint for contosodata in AppSubnet and disable public network access on the storage account.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot