Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Microsoft Exam AZ-120 Topic 17 Question 87 Discussion

Actual exam question for Microsoft's AZ-120 exam
Question #: 87
Topic #: 17
[All AZ-120 Questions]

You have an existing SAP landscape on Azure. All SAP virtual machines are on the same virtual network. The SAP application servers, SAP management servers, and SAP database servers are each on their own subnet

You need to ensure that only the application and management servers can access the subnet to which the database servers connect

What should you configure?

Show Suggested Answer Hide Answer
Suggested Answer: B

Contribute your Thoughts:

Sheridan
6 months ago
I believe Azure Key Vault secrets might not be the best choice here, as we need to control access between specific subnets.
upvoted 0 times
...
Ernest
6 months ago
But wouldn't NSGs be easier to manage and more cost-effective in this scenario?
upvoted 0 times
...
Yesenia
6 months ago
I personally think Azure Application Gateway and firewall rules could also be a good option to control traffic.
upvoted 0 times
...
France
6 months ago
I agree with Ernest. NSGs are the best option to restrict access between different subnets.
upvoted 0 times
...
Ernest
6 months ago
I think we should configure network security groups (NSGs) to control the traffic between subnets.
upvoted 0 times
...
Dorsey
6 months ago
Key Vault secrets are more for storing sensitive information, not for controlling access within a virtual network
upvoted 0 times
...
Ryann
6 months ago
What about using Azure Key Vault secrets for extra security?
upvoted 0 times
...
Tyisha
6 months ago
I believe NSGs are sufficient as they can control traffic at the network level
upvoted 0 times
...
Leila
7 months ago
But wouldn't Azure Application Gateway and firewall rules be more effective in this scenario?
upvoted 0 times
...
Trina
7 months ago
I agree, NSGs can help us control traffic to the database servers subnet
upvoted 0 times
...
Terina
7 months ago
I think we should configure network security groups (NSGs)
upvoted 0 times
...
Gracia
8 months ago
Seriously, though, I think the NSGs are the way to go here. It's the most straightforward solution and it's what I would recommend to a client. Plus, it's a core Azure networking concept, so it's probably the answer they're looking for.
upvoted 0 times
...
Sabine
8 months ago
Haha, you guys are really overthinking this! I bet the answer is just to use some good old-fashioned network security groups. Simple and effective, just the way I like it.
upvoted 0 times
...
Shaun
8 months ago
Hmm, I was leaning towards B - Azure Application Gateway and firewall rules. That sounds like a more comprehensive solution that could handle the network traffic management. But I'm not 100% sure, we should really dig into the details on this one.
upvoted 0 times
Norah
6 months ago
That's true, but NSGs specifically cater to network security needs, which might be more suitable in this scenario.
upvoted 0 times
...
Ashleigh
6 months ago
But wouldn't Azure Application Gateway and firewall rules also be able to control traffic flow between different subnets?
upvoted 0 times
...
Billye
7 months ago
I agree with you. NSGs provide granular control over inbound and outbound traffic.
upvoted 0 times
...
Norah
7 months ago
I think C) network security groups (NSGs) would be the best option to restrict access to specific subnets.
upvoted 0 times
...
...
Sang
8 months ago
Haha, you know what would be really funny? If the answer was actually all of the above. Just go full-on security overkill on this SAP landscape. I bet that would confuse the heck out of the exam proctors.
upvoted 0 times
...
Tamie
8 months ago
You know, I was just reading about this in the Azure documentation. I think the answer is C - network security groups (NSGs). That's the way to go to control the traffic between the subnets and ensure only the application and management servers can access the database subnet.
upvoted 0 times
...
Kristel
8 months ago
Azure Key Vault secrets? Really? Come on, that's just silly. How is that going to help us control access to the database subnet? I think you're all overthinking this. Network security groups are the way to go. Simple and effective.
upvoted 0 times
...
Claribel
8 months ago
Ah, this is a tricky one! I'm not sure about the exact solution, but I think it has something to do with network security. Maybe we need to set up some firewall rules or network security groups to control the access?
upvoted 0 times
...
Alishia
8 months ago
Nah, you guys are way off base. It's clearly Azure Application Gateway and firewall rules. That's the best way to control access and secure that database subnet. Plus, you get all sorts of fancy load balancing and stuff with the Application Gateway. Definitely the way to go.
upvoted 0 times
Wai
8 months ago
B) Azure Application Gateway and firewall rules
upvoted 0 times
...
Jackie
8 months ago
C) network security groups (NSGs)
upvoted 0 times
...
Brunilda
8 months ago
B) Azure Application Gateway and firewall rules
upvoted 0 times
...
Ivette
8 months ago
A) Azure Key Vault secrets
upvoted 0 times
...
Hui
8 months ago
C) network security groups (NSGs)
upvoted 0 times
...
...
German
8 months ago
Hmm, I'm not so sure. What about Azure AD service principals? That could work too, right? We could set up some role-based access controls and restrict access that way. Seems like a more robust solution than just relying on network security groups.
upvoted 0 times
...
Bernardine
8 months ago
Ah, this question is a tricky one! I bet the exam writer had a field day coming up with this one. Let's see, I'm thinking network security groups (NSGs) would be the way to go here. That way, we can control access to the database subnet and only allow the app and management servers to connect. Easy peasy, right?
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77