Question 1

You are designing the security architecture for an Azure Storage Account.

The Storage Account must only be accessible from a specific subnet within your Azure Virtual Network. Furthermore, the traffic must not traverse the public internet, and the Storage Account must be assigned a private IP address from your VNet so it can be accessed via an ExpressRoute connection from on-premises.

Which TWO components are required to meet these requirements? (Select TWO)

Accepted Answer

Requirement: 'assigned a private IP address'. This means Private Link/Endpoint, not Service Endpoints. Private Endpoints require DNS resolution.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Selecting Service Endpoints. Service Endpoints optimize routing but do not give the PaaS service a private IP address, meaning on-premises resources cannot easily access it over ExpressRoute.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 4

More questions from this exam