You need to restrict access to an Azure Storage account so that only traffic from a specific virtual network is allowed. What should you configure?
You can add a rule to allow access only from a specific VNet.
Why this answer
Option C is correct because Azure Storage firewalls and virtual networks allow you to restrict access to specific VNets. Option A is wrong because NSGs apply to subnets, not to storage accounts directly. Option B is wrong because Azure Firewall is for network traffic filtering, not for storage access control.
Option D is wrong because private endpoints provide private connectivity but do not restrict access by default.