Microsoft Azure Security Technologies — Question 70
You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1.
VM1 is connected to a virtual network named VNet1.
You need to allow access to Vault1 only from VM1.
What should you do in the Networking settings of Vault1?
Answer options
- A. From the Firewalls and virtual networks tab, add the IP address of VM1.
- B. From the Private endpoint connections tab, create a private endpoint for VM1.
- C. From the Firewalls and virtual networks tab, add VNet1.
- D. From the Firewalls and virtual networks tab, set Allow trusted Microsoft services to bypass this firewall to Yes for Vault1.
Correct answer: A
Explanation
The correct answer is A: adding the IP address of VM1 in the Firewalls and virtual networks settings ensures that only traffic from this specific VM can access Vault1. Option B is incorrect because creating a private endpoint would allow access to Vault1 over a private link, which is not limited to VM1. Option C allows access from all resources within VNet1, not just VM1. Option D would allow any trusted Microsoft service to access Vault1, which contradicts the requirement of restricting access solely to VM1.