Microsoft Azure Fundamentals — Question 302

What should you use to prevent traffic from an Azure virtual network from being routed to an Azure Storage account via the internet?

Answer options

• A. a network security group (NSG)
• B. a public endpoint
• C. Azure VPN Gateway
• D. a service endpoint

Correct answer: D

Explanation

Using a service endpoint allows the Azure virtual network to connect directly to the Azure Storage account without going through the internet, thus securing the traffic. In contrast, a network security group (NSG) controls inbound and outbound traffic but does not prevent internet routing. A public endpoint exposes the service to the internet, and Azure VPN Gateway is used for secure connections but does not directly prevent internet routing to the storage account.