Which method should be recommended to ensure that only application servers can access Azure Blob Storage?


Master the Microsoft Cybersecurity Architect Expert exam with our comprehensive SC-100 quiz. Learn with detailed questions, explanations, and get exam-ready with expert insights!

The recommended method is inbound rules in network security groups (NSGs), which use Azure's ability to control access at the network level. NSG rules specify which IP addresses or subnets are allowed to reach specific resources, which limits access to the designated application servers.

This method is particularly effective when a defined set of application servers needs to communicate with Azure Blob Storage. With the inbound rules configured, only traffic originating from the specified application servers is allowed, which reduces the risk of unauthorized access from other sources.

While other options, such as Azure Active Directory authentication and Azure Firewalls, offer robust security and management capabilities, they serve different purposes and may not directly restrict access solely to specific application servers in the most efficient manner. Private endpoints provide a private IP address for the storage account but may not strictly enforce access control based on the source application servers unless combined with additional networking rules. Therefore, using inbound rules in NSGs is a straightforward and efficient way to enforce access exclusively from your application servers to Azure Blob Storage.
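The following added example (not part of the original quiz) models how NSG inbound rules are evaluated, lowest priority number first with the first match deciding, to show why an allow rule for the application servers needs an explicit deny beneath it. The address ranges, custom rule names and probe sources are constructed, the default rules are simplified stand-ins with service tags modelled as CIDR ranges, and the NSG is assumed to sit in front of the storage endpoint.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int         # lower number is evaluated first
    source: str           # CIDR; service tags are modelled as CIDRs here
    port: Optional[int]   # None means any destination port
    access: str           # "Allow" or "Deny"

VNET = "10.0.0.0/16"        # constructed virtual network address space
APP_SUBNET = "10.0.1.0/24"  # constructed application-server subnet

# Simplified stand-ins for two of the NSG default inbound rules.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, VNET, None, "Allow"),
    Rule("DenyAllInBound", 65500, "0.0.0.0/0", None, "Deny"),
]

# Hypothetical custom rules for this scenario.
ALLOW_APP = Rule("Allow-AppServers-443", 100, APP_SUBNET, 443, "Allow")
DENY_REST = Rule("Deny-Other-443", 200, "0.0.0.0/0", 443, "Deny")

def evaluate(rules, src_ip, port):
    """Return (access, rule name) of the first matching rule by priority."""
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(rules + DEFAULT_RULES, key=lambda r: r.priority):
        in_source = ip in ipaddress.ip_network(rule.source)
        if in_source and rule.port in (None, port):
            return rule.access, rule.name
    return "Deny", "no-match"

def audit(rules, probes):
    """Evaluate each constructed (source, port) probe against the rule set."""
    return {src: evaluate(rules, src, port) for src, port in probes}

# Constructed probes: app server, another subnet in the VNet, an internet host.
PROBES = [("10.0.1.10", 443), ("10.0.2.25", 443), ("203.0.113.7", 443)]

if __name__ == "__main__":
    for label, rules in (("allow only", [ALLOW_APP]),
                         ("allow + deny", [ALLOW_APP, DENY_REST])):
        print(label, audit(rules, PROBES))
```

With only the allow rule in place, the host in the other subnet is still admitted by the default virtual network rule; adding the lower-priority deny rule closes that path.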
