Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft Exam AZ-104 Topic 1 Question 114 Discussion

Actual exam question for Microsoft's AZ-104 exam
Question #: 114
Topic #: 1
[All AZ-104 Questions]

You have an Azure subscription that contains 10 virtual machines, a key vault named Vault 1, and a network security group (NSG) named NSG1. All the resources are deployed to the East US Azure region.

The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet.

You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative effort.

What should you configure as the destination of the outbound security rule for NSG1?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Margurite at Jan 22, 2025, 04:11 AM

Limited Time Offer

25%

Off

Get Premium AZ-104 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Juliana
1 days ago
Hmm, this question is making me hungry. I could really go for a key lime pie right about now. But I digress, I think A) a service tag is the way to go.
upvoted 0 times
...
Samuel
7 days ago
I believe using an application security group might be a better choice to ensure least privilege.
upvoted 0 times
...
Teddy
9 days ago
I'm not sure, but I think a service tag could also work for this scenario.
upvoted 0 times
...
Nohemi
10 days ago
I'm going with A) a service tag. It's the easiest and most flexible option, and who doesn't love a little 'tag, you're it' action?
upvoted 0 times
...
Karl
11 days ago
B) an application security group is the way to go. That way, we can group the virtual machines and Key Vault together and easily manage the access rules.
upvoted 0 times
...
Rebbeca
12 days ago
C) an IP address range seems like the most secure option. That way, we can explicitly allow access to the Key Vault IP address range and block everything else.
upvoted 0 times
...
Toi
14 days ago
I think the answer should be A) a service tag. Virtual machines can access Key Vault using the 'KeyVault' service tag, which is the least privileged and easiest to manage option.
upvoted 0 times
...
Maryann
15 days ago
I agree with Dwight, using an IP address range would be the best option.
upvoted 0 times
...
Dwight
1 months ago
I think we should configure an IP address range as the destination.
upvoted 0 times
...

Save Cancel