Microsoft Azure Administrator (legacy) — Question 6

You have an Azure subscription that contains a storage account named account1.
You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of
131.107.1.0/24.
You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24.
You need to configure account1 to meet the following requirements:
✑ Ensure that you can upload the disk files to account1.
✑ Ensure that you can attach the disks to VM1.
✑ Prevent all other access to account1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Answer options

• A. From the Firewalls and virtual networks blade of account1, add VNet1.
• B. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account.
• C. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
• D. From the Firewalls and virtual networks balde of account1, select Selected networks.
• E. From the Service endpoints blade of VNet1, add a service endpoint.

Correct answer: D, E

Explanation

The correct answers are D and E. Selecting 'Selected networks' allows you to specify which networks can access account1, ensuring that only the required access is granted. Adding a service endpoint in VNet1 allows the virtual network to securely connect to the storage account, facilitating the attachment of the disks to VM1. The other options either do not restrict access adequately or do not directly contribute to the requirements specified.