Microsoft Azure Security Technologies — Question 73

You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1.

VM1 is connected to a virtual network named VNet1 that contains one subnet and uses Azure DNS.

You need to ensure that VM1 connects to storage1 by using a private IP address. The solution must minimize administrative effort.

What should you do?

Answer options

• A. For storage1, disable public network access.
• B. On VNet1, create a new subnet.
• C. For storage1, create a new private endpoint.
• D. Create an Azure Private DNS zone.

Correct answer: C

Explanation

The correct approach is to create a new private endpoint for storage1, allowing VM1 to connect to it directly via a private IP address. Disabling public network access (Option A) does not inherently provide a private connection. Creating a new subnet (Option B) is unnecessary since VM1 is already in the correct network, and setting up an Azure Private DNS zone (Option D) does not address the requirement for a private connection.