You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
A. a service endpoint
B. Azure Front Door
C. a private endpoint
D. Azure Traffic Manager
Answer: C
Explanation:
To provide connectivity to the storage1 account while meeting the PaaS networking requirements and the business requirements, you should consider what each of the options offers:
A. Service Endpoint: Service Endpoints provide secure and direct connectivity to Azure services over the Azure backbone network. When you enable a service endpoint for a particular service in your virtual network, traffic from your VNet to the service will always stay on the Azure backbone network. However, this does not fully restrict access to the service to only your VNet, as the public endpoint for the service is still accessible over the internet.
B. Azure Front Door: Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications. It combines various traffic-routing and load-balancing services but does not inherently restrict access to a storage account from a network security perspective.
C. Private Endpoint: A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. A private endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet. All traffic to the service can be routed through the private IP address, making it the most suitable option for securing and privatizing the network connection.
D. Azure Traffic Manager: Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions while providing high availability and responsiveness. However, it is not a solution for securing access to a storage account.
Considering the requirement to make the storage1 account accessible from all on-premises locations without exposing the public endpoint, the correct choice would be:
C. a private endpoint.
This is because a private endpoint allows the storage account to be accessed over a private link. The traffic between the on-premises network and the storage account traverses through the private link, never entering the public internet, thus not exposing the public endpoint of the storage1 account. This meets both the PaaS networking requirements and the business requirement of not exposing the storage account to public access.
Latest AZ-700 Dumps Valid Version with 59 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund