ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 6 question 21 discussion

Actual exam question from Microsoft's AZ-500
Question #: 21
Topic #: 6
[All AZ-500 Questions]

HOTSPOT
-

You have an Azure subscription that contains the virtual networks shown in the following table.



NSG1 and NSG2 both have default rules only.

The subscription contains the virtual machines shown in the following table.



The subscription contains the web apps shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Mnguyen0503 at Jan. 13, 2024, 4:32 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mnguyen0503
Highly Voted 1 year, 3 months ago
Should be YNN. VNET integration is for outbound traffic only, thus NSG won't apply here, at least not for inbound traffic. "Virtual network integration gives your app access to resources in your virtual network, but it doesn't grant inbound private access to your app from the virtual network. " https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options?tabs=azure-cli#virtual-network-integration
upvoted 16 times
Alluru
10 months, 1 week ago
NSG1 controls inbound traffic to WebApp1 - Yes Virtual Network Integration will not act as private access for inbound request but for outbound request resources can reach other resources with in VNET or to other VNET if they are within the same region. Here, NSG's that are in place for inbound request will control incoming requests to WebApp1.
upvoted 2 times
pentium75
8 months, 3 weeks ago
NSG is in VNet, but Web App's integration with VNet is only affecting outbound traffic (as seen from the Web App). Web App's incoming traffic does NOT go through the VNet, thus is not affected by the NSG.
upvoted 2 times
...
...
...
pentium75
Highly Voted 8 months, 3 weeks ago
YNY Yes - VNet integration of WebApp1 allows outbound traffic to peered VNets No - VNet integration of WebApp1 affects only outbound traffic (inbound goes through public IP, thus not through VNet and not through NSG) Yes - WebApp2 is in an ASE in isolated tier INSIDE VNet2, from there is can access VNet1 which is peered
upvoted 6 times
...
golitech
Most Recent 2 months, 3 weeks ago
YNY WebApp1 can connect to VM2 → Yes WebApp1 (Premium) is integrated into VNet1. VNet1 and VNet2 are peered. Default NSG rules allow outbound traffic and permit VNet-to-VNet communication. No NSG rule blocks this traffic, so WebApp1 can connect to VM2. NSG1 controls inbound traffic to WebApp1 → No WebApp1 (Premium) uses VNet integration, which only affects outbound traffic. Inbound traffic to WebApp1 does not go through NSG1; instead, it is handled by the App Service front-end. Since NSG1 only affects VMs and subnets, not the App Service, it does not control inbound traffic to WebApp1. WebApp2 can connect to VM1 → Yes WebApp2 (Isolated) is deployed inside Subnet2 of VNet2. VNet2 and VNet1 are peered, meaning communication is allowed. Default NSG rules permit outbound traffic and VNet-to-VNet traffic. No explicit deny rule exists, so WebApp2 can connect to VM1. Final Answers: ✅ Yes - WebApp1 can connect to VM2. ❌ No - NSG1 does not control inbound traffic to WebApp1. ✅ Yes - WebApp2 can connect to VM1.
upvoted 2 times
...
davedave123
3 months, 2 weeks ago
Isolated v2 will be able to communicate with vm1 https://learn.microsoft.com/en-us/azure/app-service/environment/networking
upvoted 1 times
...
Drew294
10 months ago
I agree YNN. Y - WebApp1 has VNI and VNET1 and VNET2 are peered N - NSG1 is associated to Subnet1, since Subnet1 contains VM1, WebApp1 is in a different subnet (WebApps must be deployed to an empty subnet). NSG1 as far as this question goes is only associated to Subnet1. N - WebApp2 does not have VNET integration
upvoted 4 times
pentium75
8 months, 3 weeks ago
WebApp2 "does not have VNET integration" because it is running INSIDE VNet2 in an ASE in the isolated tier. Of course it can access VM1 from there.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago