Answer-first summary for fast verification
Answer: firewall rules for the storage account
To secure your storage account, you should configure firewall rules for the storage account. This involves setting a rule to deny access from all networks by default and then configuring rules to allow access from specific VNets or public internet IP address ranges. This approach ensures that only the application servers can access the blob storage. The other options, such as managed rule sets in WAF policies, inbound rules in NSGs, and service tags in NSGs, do not provide the necessary level of access control specifically for Azure Storage accounts.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your company is planning to provision blob storage using an Azure Storage account. The goal is to make this blob storage accessible from 20 application servers that are located on the internet. To meet the security requirements of this storage account, you need to recommend a solution that ensures that only the designated application servers have access.
The first step to secure your storage account is to configure a rule that denies access to all traffic, including internet traffic, on the public endpoint by default. After setting up this default denial, you need to configure specific rules to allow traffic from designated VNets. Additionally, you can set rules to permit traffic from particular public internet IP address ranges, which would enable connections from specific internet-based or on-premises clients. This layered security setup will help you establish a secure network boundary for your applications. What should you recommend?
A
managed rule sets in Azure Web Application Firewall (WAF) policies
B
inbound rules in network security groups (NSGs)
C
firewall rules for the storage account
D
inbound rules in Azure Firewall
E
service tags in network security groups (NSGs)