Microsoft Azure Architect Design (legacy) — Question 25
You use a virtual network to extend an on-premises IT environment into the cloud. The virtual network has two virtual machines (VMs) that store sensitive data.
The data must only be available using internal communication channels. Internet access to those VMs is not permitted.
You need to ensure that the VMs cannot access the Internet.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Answer options
- A. Network interface (NIC)
- B. Source Network Address Translation (SNAT)
- C. Azure ExpressRoute
- D. Network Security Groups (NSG)
Correct answer: C, D
Explanation
The correct options, Azure ExpressRoute and Network Security Groups (NSG), provide a way to create secure connections without Internet access. Azure ExpressRoute offers a private connection to Azure, while NSGs allow you to create rules that restrict Internet access for the VMs. The other options, NIC and SNAT, do not directly address the requirement of preventing Internet access.