DRAG DROP You are building an app that will scan confidential documents and use the Language service to analyze the contents. You provision an Azure Cognitive Services resource. You need to ensure that the app can make requests to the Language service endpoint. The solution must ensure that confidential documents remain on-premises. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 
Pretty sure the right flow is: provision on-prem Kubernetes with internet, pull the container from MCR, then run it using API key and endpoint URL. That's what most Azure docs show for keeping data on-prem but still letting containers check in for billing. I saw a similar question on practice exams. Let me know if you think something's off here.
Yeah, for this use case you want to keep confidential data local but still need the service to talk to Azure for billing etc. So first step is provision an on-premises Kubernetes cluster with internet connectivity, then pull the container image from Microsoft Container Registry (MCR), then run the container and specify API key plus endpoint URL. That's how it works in exam practice labs too, I think. Let me know if you disagree!
This one is all about keeping the data local but still letting the container authenticate with Azure. So I'd start with provisioning an on-premises Kubernetes cluster (with internet access), then pull the image from the Microsoft Container Registry (MCR), and finally run the container specifying API key and endpoint URL. Pretty sure that's the expected sequence, open to corrections.
- Provision on-prem K8s with internet connectivity
- Pull image from MCR
- Run container with API key and endpoint URL
