This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
A storage account has firewall rules configured with specific virtual network rules. An Azure Machine Learning workspace in the same subscription needs to access the storage account, but the workspace can't be placed in a virtual network. What network rule type should be configured to grant access?
An IP network rule for the workspace's outbound IP addresses
A virtual network rule for the subnet where the workspace is deployed
A resource instance rule scoped to the Azure Machine Learning workspace
A trusted service exception for Azure Machine Learning
A security team wants to completely eliminate public endpoint exposure for a storage account so all traffic flows through private IP addresses. Which approach achieves this goal?
Configure IP network rules to restrict access to the virtual network address space
Enable virtual network service endpoints for the storage account subnet
Deploy a private endpoint for the storage account and disable public network access
Enable the secure transfer required option on the storage account
A storage account has both virtual network rules and IP network rules configured. A client in a subnet that has a VNet service endpoint for Azure Storage sends a request. The client's subnet IP falls within an IP network rule. Which statement correctly describes firewall rule evaluation?
The IP network rule is evaluated first and applies because it's explicitly configured
The VNet rule applies; service endpoint traffic uses a private source IP so IP rules no longer affect it
Both rules apply simultaneously and the most permissive rule takes effect
Service endpoint traffic bypasses all firewall rules
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?