ExpertHard1 markMultiple Choice
AZ-305 · Question 39 · Domain 4.1: Compute Solutions
You are designing an Azure Kubernetes Service (AKS) cluster. The security team requires that every pod receives an IP address from the Azure Virtual Network subnet. Additionally, you must be able to enforce network policies to restrict traffic between pods. Which TWO networking options must you configure? (Select TWO)
You are designing an Azure Kubernetes Service (AKS) cluster. The security team requires that every pod receives an IP address from the Azure Virtual Network subnet. Additionally, you must be able to enforce network policies to restrict traffic between pods. Which TWO networking options must you configure? (Select TWO)
Answer options:
A.
Azure CNI networking.
B.
Kubenet networking.
C.
Azure Network Policies or Calico.
D.
Azure Firewall.
E.
Service Endpoints.
How to approach this question
Identify the AKS network plugin that uses VNet IPs and the feature for pod isolation.
Full Answer
A,C
Azure CNI assigns IP addresses from the Azure Virtual Network directly to pods. To restrict traffic between pods within the cluster, you must enable Network Policies (either Azure Network Policies or Calico).
Common mistakes
Selecting Kubenet, which uses NAT and does not give pods VNet IP addresses.
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 6
55 questions · hints · full answers · grading
More questions from this exam
Q01Contoso Ltd is a global manufacturing company with 50,000 employees. They operate a mix of on-pre...MediumQ02A financial institution has 500 Windows Server VMs on-premises and 200 VMs in Azure. They need to...HardQ03An enterprise uses Azure Sentinel and Log Analytics. They ingest 500 GB of logs daily. The IT bud...HardQ04You are designing a monitoring strategy for a new Azure deployment consisting of App Service, Azu...EasyQ05A healthcare company uses Microsoft Entra ID (Azure AD). They need to implement a security policy...Medium