Design and implement private access to Azure Services Flashcards
What is a Virtual Network Service Endpoint?
A Virtual Network (VNet) service endpoint provides secure and direct connectivity from a VNet to Azure services.
- Service endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address.
- By default, Azure services are all designed for direct internet access.
- Traffic uses the Microsoft backbone, so it never leaves the Microsoft network and stays private.
- The service is still reached through its public endpoint; only the route to it becomes private.
- Enabled on a given subnet for a specific resource provider.
Service Tags
A service tag is a Microsoft-managed group of IP address prefixes for an Azure service. It automatically updates as addresses change, reducing the need for manual network security rule updates.
- Is suitable for rules that cover inbound or outbound traffic.
- Supports regional scope.
- Is usable in Azure Firewall rules.
What is Azure Private Link?
It enables customers to access services hosted on Azure privately and securely, without exposing them to the public internet.
- The Azure resource becomes, in a sense, a part of your virtual network.
- Uses the Microsoft Backbone
- You can configure the Azure resource to no longer expose its public IP address
What is Azure Private Endpoint?
A Private Endpoint is a network interface that enables a private and secure connection between your virtual network and an Azure service.
- Extends the Azure resource into your VNet and gives it a private IP address.
- On-premises resources connected via VPN, and resources in a peered VNet, can access the private endpoint as well.
Properties
- The subresource to connect. Each Private Link resource type has different options to select based on preference.
- An automatic or manual connection approval method.
- Only Private Endpoints in an approved state can be used to send traffic.
What is Azure Private Link Service?
Allows you to expose your own services privately over Azure Private Link.
- Lets you create a custom private service within your VNet.
- Other VNets (even from different customers/tenants) can access your service privately via Private Link.
- Example: If you run a custom API or a third-party SaaS application, you can offer it privately using Private Link Service.
Azure Private Endpoint DNS
- Private DNS Zones are used for name resolution when integrating Azure Private Link with DNS.
- Traffic must be redirected to private IPs instead of default public endpoints.
- The IP address 168.63.129.16 is an Azure system-managed virtual public IP used for:
  - VM communication with Azure.
  - DNS resolution via Azure-provided DNS.
  - Health probes, DHCP, and PaaS service heartbeat checks.
DNS Forwarder
A DNS forwarder is a DNS server that forwards queries to another DNS server instead of resolving them itself. It is commonly used to manage name resolution across different networks (e.g., on-premises to Azure).
- It works in a hub-spoke topology, forwarding on-prem DNS queries to Azure Private DNS.
- Integrates with ExpressRoute and Azure Firewall to create a secure hybrid network.