ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 2 question 46 discussion

Actual exam question from Microsoft's AZ-700
Question #: 46
Topic #: 2
[All AZ-700 Questions]

SIMULATION
-




Username and password
-

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: xxxxxxxxxx
-

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 12345678
-

You plan to deploy several virtual machines to subnet1-2.

You need to prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.

To complete this task, sign in to the Azure portal.

Show Suggested Answer Hide Answer
Suggested Answer:
by JohnAvlakiotis at May 26, 2023, 3:19 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ABIYGK
Highly Voted 1 year, 4 months ago
The lab is about creating NSG only, The NSG needs to deny traffic on port 5585 to the Subnet1-2. The image is not correct. Create an NSG with deny inbound traffic on port 5585 and associate the NSG with Subnet1-2. Step 1: Create NSG Upper left side of the portal Search for Network Security Group Put > Subscription > Resource Group > Name > Region Tags Review+Create Step 2: Add Inbound Security Source > Any Port Range > * Destination > IP address Destination IP address/CIDR Range > Range of Subnet1-2 Service > Custom Destination Port Range > 5585 Protocol > Any Action > Deny Priority > 100 Name > DenyAnyCustom8080Inbound Add Step 3: Associate the NSG with the subnet Go to Virtual Network Select the Subnet1-2 On NSG section > select the proper name of the NSG that you create earlier Save
upvoted 12 times
trashbox
1 year ago
Allow TCP 5585 access from the specified Subnet's IP address range with a priority of 100 NSG. Then deny TCP 5585 access from Any with an NSG of priority 200.
upvoted 5 times
...
volto
1 year ago
You need 2 rules, also allowing traffic inside the vnet, as @mabalon wrote.
upvoted 2 times
bobothewiseman
3 months, 2 weeks ago
No need! There is a default rule “allowVnetInbound” to allow which permits communication between resources within the same virtual network (including the same subnet).
upvoted 1 times
aki9892
3 months, 2 weeks ago
Intra-Subnet traffic It's important to note that security rules in an NSG associated to a subnet can affect connectivity between VMs within it. By default, virtual machines in the same subnet can communicate based on a default NSG rule allowing intra-subnet traffic. If you add a rule to NSG1 that denies all inbound and outbound traffic, VM1 and VM2 won't be able to communicate with each other. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
upvoted 2 times
...
...
...
...
mabalon
Highly Voted 1 year, 2 months ago
I think that also we need to add a rule for allow the traffic from the subnet. If we only create the DEny Rule all the traffic will be blocked, also the intra-subnet traffic. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works#intra-subnet-traffic
upvoted 6 times
...
bobothewiseman
Most Recent 2 months, 2 weeks ago
The best approach is: NSG Rule Configuration Property Value Priority 100 Name Deny_TCP_5585 Source Service Tag Source service tag VirtualNetwork Source Port Range * Destination IP range of subnet1-2 Destination Port Range 5585 Protocol TCP Action Deny
upvoted 1 times
...
Lazylinux
11 months, 3 weeks ago
Based on this https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works you need 2 inbound NSG security rules 1- Allow intra-subnet communication priority 110 and other is DENY as per requirement and priority 130 as example but must be of higher number than the allow and hence processed after
upvoted 4 times
cerifyme85
8 months, 3 weeks ago
Wrong!! Only applies if u are applying NSG on a VM level.. Basic neetworking
upvoted 1 times
LieJ0n
6 months, 2 weeks ago
I initially thought the same, but: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works#intra-subnet-traffic It's important to note that security rules in an NSG associated to a subnet can affect connectivity between VMs within it. By default, virtual machines in the same subnet can communicate based on a default NSG rule allowing intra-subnet traffic. If you add a rule to NSG1 that denies all inbound and outbound traffic, VM1 and VM2 won't be able to communicate with each other.
upvoted 2 times
...
...
...
njana94
1 year ago
You have to create 2 inbound policies. Priority 100: Allow subnet1-2 to subnet1-2 on port 5585 Priority 200: Deny Any to subet1-2 on port 5585 or a single deny policy (any to subnet1-2, port 5585) at priority 65200
upvoted 4 times
bobothewiseman
3 months, 2 weeks ago
No need! There is a default rule “allowVnetInbound” to allow which permits communication between resources within the same virtual network (including the same subnet).
upvoted 1 times
...
...
ABIYGK
1 year, 4 months ago
The lab is about creating NSG only, The NSG needs to deny traffic on port 5585 to the Subnet1-2. The image is not correct. Create an NSG with deny inbound traffic on port 5585 and associate the NSG with Subnet1-2. Step 1: Create NSG Upper left side of the portal Search for Network Security Group Put > Subscription > Resource Group > Name > Region Tags Review+Create Step 2: Add Inbound Security Source > Any Port Range > * Destination > IP address Destination IP address/CIDR Range > Range of Subnet1-2 Service > Custom Destination Port Range > 5585 Protocol > Any Action > Deny Priority > 100 Name > DenyAnyCustom8080Inbound Add Step 3: Associate the NSG with the subnet Go to Virtual Network Select the Subnet1-2 On NSG section > select the proper name of the NSG that you create earlier Save
upvoted 2 times
...
JohnAvlakiotis
1 year, 5 months ago
The "Add inbound rule" image is misleading. The text above for the rule is correct.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago