You are designing an Azure Kubernetes Service (AKS) cluster. The security team requires that every pod receives an IP address from the Azure Virtual Network subnet. Additionally, you must be able to enforce network policies to restrict traffic between pods. Which TWO networking options must you configure? (Select TWO)

Answer options:

Azure CNI networking.

Kubenet networking.

Azure Network Policies or Calico.

Azure Firewall.

Service Endpoints.

How to approach this question

Identify the AKS network plugin that uses VNet IPs and the feature for pod isolation.

Full Answer

Azure CNI assigns IP addresses from the Azure Virtual Network directly to pods. To restrict traffic between pods within the cluster, you must enable Network Policies (either Azure Network Policies or Calico).

Common mistakes

Selecting Kubenet, which uses NAT and does not give pods VNet IP addresses.

Question 38 All questions Question 40

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 6

55 questions · hints · full answers · grading

More questions from this exam

Q01Contoso Ltd is a global manufacturing company with 50,000 employees. They operate a mix of on-pre...Medium Q02A financial institution has 500 Windows Server VMs on-premises and 200 VMs in Azure. They need to...Hard Q03An enterprise uses Azure Sentinel and Log Analytics. They ingest 500 GB of logs daily. The IT bud...Hard Q04You are designing a monitoring strategy for a new Azure deployment consisting of App Service, Azu...Easy Q05A healthcare company uses Microsoft Entra ID (Azure AD). They need to implement a security policy...Medium

View all 55 questions →