Microsoft Azure Security Technologies (AZ-500)

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!

Practice this question and more.

What must be installed on an Azure virtual machine to ensure Docker containers can access Azure Storage and Azure SQL databases via a service endpoint?

Create an application security group
Install the container network interface (CNI) plug-in
Create an AKS Ingress controller
Deploy an Azure Load Balancer

The correct answer is: Install the container network interface (CNI) plug-in

To enable Docker containers running on an Azure virtual machine to access Azure Storage and Azure SQL databases via a service endpoint, it is necessary to install the container network interface (CNI) plug-in. The CNI plug-in is vital as it facilitates advanced networking capabilities for the containers, allowing them to connect securely to Azure resources over the virtual network. By installing the CNI plug-in, the containers can utilize Azure's networking features, such as service endpoints. This enhances communication with Azure services by providing direct access to the Azure backbone instead of routing traffic over the public internet. As a result, data transfer becomes more secure and efficient. The other alternatives do not provide the specific functionality required for secure network access from Docker containers to Azure services. Creating an application security group primarily focuses on managing network security in Azure, while an AKS Ingress controller is related to managing external access to services within Azure Kubernetes Service, not standalone virtual machines. Deploying an Azure Load Balancer is relevant for distributing network traffic but does not directly affect a container's access to Azure Storage or SQL databases through service endpoints.