Allowing Specific IP Ranges with Azure Virtual Networks
Question
To secure your Cognitive Services resource, you configured a rule to deny access to the traffic from all networks by default.
In order to allow specific IP ranges from the Azure network or from your on-premises location, you intend to configure rules that grant access to traffic from specific virtual networks.
?Code snippet to deny network access by default: $parameters = @{ -ResourceGroupName "<resource group name>" -Name "<account name>" -DefaultAction Deny } ……………………………………………….
@parameters ?Code snippet to add a network rule for a virtual network and subnet: $subParameters = @{ -ResourceGroupName "<resource group name>" -Name "<virtual network>" } $subnet = Get-AzVirtualNetwork @subParameters | Get-AzVirtualNetworkSubnetConfig -Name "<subnet>" $parameters = @{ -ResourceGroupName "<resource group name>" -Name "<account name>" -VirtualNetworkResourceId $subnet.Id } ……………………………………………….
@parameters
Review the snippets given above and select the answer choices to complete the code: (select two answer choices)
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answers: B and D.
Option A is incorrect because the objective is to configure Network Rule for a virtual network.
Get-AzCognitiveServicesAccountNetworkRuleSet cmdlet is used to get the NetworkRule property of a Cognitive Services account.
Option B is correct.
In order to add a network rule for a virtual network, you may use the following code:
<pre>$subParameters = @{
-ResourceGroupName "&lt;resource group name&gt;"
-Name "&lt;virtual network&gt;"
}
$subnet = Get-AzVirtualNetwork @subParameters | Get-AzVirtualNetworkSubnetConfig -Name "&lt;subnet&gt;"
$parameters = @{
-ResourceGroupName "&lt;resource group name&gt;"
-Name "&lt;account name&gt;"
-VirtualNetworkResourceId $subnet.Id.
}
Add-AzCognitiveServicesAccountNetworkRule @parameters.
</pre>
Option C is incorrect because Get-AzVirtualNetworkSubnetConfig is used to get a subnet in a virtual network.
$subnet.Id provides that value in this code.
Option D is correct.
In order to deny network access by default, you may use the following code:
<pre>$parameters = @{
-ResourceGroupName "&lt;resource group name&gt;"
-Name "&lt;account name&gt;"
-DefaultAction Deny.
}
Update-AzCognitiveServicesAccountNetworkRuleSet @parameters.
</pre>
Reference:
To learn more about Configure Azure Cognitive Services virtual networks, use the link given below:
The first code snippet is used to deny network access by default to a Cognitive Services resource. This is achieved by setting the DefaultAction parameter to Deny. The parameters that need to be passed to the script are the ResourceGroupName and the Name of the Cognitive Services resource.
The second code snippet is used to add a network rule for a specific virtual network and subnet to allow traffic from that network to the Cognitive Services resource. This is done by retrieving the virtual network and subnet configurations using the Get-AzVirtualNetwork and Get-AzVirtualNetworkSubnetConfig cmdlets. The parameters that need to be passed to the script are the ResourceGroupName, Name of the virtual network, and the Name of the subnet.
Based on the information given, the answer choices that complete the code are:
B. Add-AzCognitiveServicesAccountNetworkRule: This cmdlet is used to add a network rule to a Cognitive Services resource to allow traffic from a specific virtual network or IP address range. In the second code snippet, the parameters needed to configure the network rule are set, but the actual rule is not added yet. Therefore, Add-AzCognitiveServicesAccountNetworkRule needs to be used to add the network rule.
C. Get-AzVirtualNetworkSubnetConfig: This cmdlet is used to retrieve the subnet configuration of a virtual network. In the second code snippet, this cmdlet is used to retrieve the subnet configuration of the specified subnet in the virtual network, which is then used to set the VirtualNetworkResourceId parameter for the network rule.
Therefore, the correct answer choices are B and C.
