ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 13 question 3 discussion

Actual exam question from Microsoft's AZ-500
Question #: 3
Topic #: 13
[All AZ-500 Questions]

HOTSPOT -
You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No. VM4 is in Subnet13 which has NSG3 attached to it.
VM1 is in ASG1. NSG3 would only allow ICMP pings from ASG2 but not ASG1. Only TCP traffic is allowed from ASG1.
NSG3 has the inbound security rules shown in the following table.

Box 2: Yes.
VM2 is in ASG2. Any protocol is allowed from ASG2 so ICMP ping would be allowed.
Box3. VM1 is in ASG1. TCP traffic is allowed from ASG1 so VM1 could connect to the web server as connections to the web server would be on ports TCP 80 or
TCP 443.
by barchetta at Feb. 10, 2020, 4:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
barchetta
Highly Voted 5 years, 1 month ago
q1: dont forget ping is not tcp.. I know better but forgot.
upvoted 51 times
swip
4 years, 11 months ago
lol, I was about to kick off, until I read your comment. Face palmed myself and thought I'm an idiot, I also know better
upvoted 6 times
...
Stuudent
4 years, 4 months ago
Well excuse me...: Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) echo Request messages. The receipt of corresponding echo Reply messages are displayed, along with round-trip times. ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. Used without parameters, this command displays Help content. and This command is available only if the Internet Protocol (TCP/IP) is installed as a component in the properties of a network adapter in Network Connections. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ping sounds to me like icmp is operating within TCP and therefore the answer to Q1 should be YES in my opinion.
upvoted 2 times
ckochhar
4 years, 2 months ago
No ICMP itself is a protocol just like TCP, UDP. Dont confuse them with ports, hence it does not fall under TCP.
upvoted 10 times
...
rawrkadia
3 years, 7 months ago
Test this in Azure and you'll see that its wrong. Allow TCP does not allow ICMP (or UDP), the NSG rules are protocol specific and ICMP is its own protocol.
upvoted 1 times
...
gills
4 years, 4 months ago
ICMP is a network-layer protocol. There is no TCP or UDP port number associated with ICMP packets as these numbers are associated with the transport layer above. So comparing to HTTP, which has a port 80 or 443 , there for the underlying protocol tcp is mapped to that protocol as well. ICMP is different. SS
upvoted 8 times
...
...
AAAAAks
2 years, 1 month ago
missed that there is rule with 200 priority which will not allow any communication.. Ignore my query above.
upvoted 1 times
...
...
asdf12345a
Highly Voted 4 years, 1 month ago
Answer is correct - No, Yes, Yes. You cannot ping the private address of VM4. VM4 is in ASG1 connected to Subnet13 that is associated with NSG3. NSG3 allows only allows TCP from ASG1 and ICMP is not TCP, therefore the answer is no. From VM2, you can ping the private IP address of VM4 as NSG3 allows inbound connections on any protocol from ASG2. From VM1, you can connect to the web server on VM4 as NSG3 allows all TCP connections from ASG1 to ASG1, and both VM1 and VM4 are in ASG1.
upvoted 26 times
...
Sabr_
Most Recent 20 hours, 18 minutes ago
Exam question 6th April 2025
upvoted 1 times
...
Sabr_
20 hours, 19 minutes ago
Exam question 6th April 2025
upvoted 1 times
...
schpeter_091
4 months, 4 weeks ago
Just wanna add my own experience to question 1: I just tested it with public IP, but: When you create a new inbound rule in NSG, there is an option to create ICMPv4 rule and set it to allow. Also, on the server you wanna ping , set the rule Echo Request – ICMPv4-In to allow.
upvoted 1 times
...
saira23
8 months, 3 weeks ago
In Exam20/07/2024
upvoted 2 times
...
RemmyT
11 months ago
Passed. Exam duration 100 min + 20. On the Microsoft site: https://learn.microsoft.com/en-us/credentials/certifications/azure-security-engineer/?practice-assessment-type=certification You will have 100 minutes to complete this assessment. Last Updated 04/30/2024 55 questions (46+9) contoso, 6 questions This question in exam (study case) My answer N Y N New 3 or 4 questions VM1, SQL1, VNET1, AKS in Google Cloud. What items are protected by Microsoft Defender & default period scan.
upvoted 1 times
RemmyT
11 months ago
Sorry: N Y Y
upvoted 1 times
dc864d4
10 months, 2 weeks ago
Sorry: Pings use a different protocol than TCP NYN.... goodbye
upvoted 1 times
...
...
...
Ivan80
1 year, 2 months ago
In exam 1/28/24
upvoted 3 times
...
azure_2563
1 year, 5 months ago
ANSWER: NO- PROTOCOL IS TCP that is why YES YES
upvoted 2 times
...
_punky_
1 year, 5 months ago
answer is correct
upvoted 1 times
...
TheProfessor
1 year, 6 months ago
Answers are correct. TCP and ICP are NOT same.
upvoted 2 times
...
AzureAdventure
1 year, 6 months ago
Tips : "You can connect" means via protocol(TCP) - communication with acknowledge flags etc. "Ping" is not TCP protocol. This is ICMP (Internet Control Message Protocol) - Just control :)
upvoted 1 times
...
AzureAdventure
1 year, 6 months ago
ICMP ping example => ping google.com
upvoted 1 times
...
liorh
1 year, 10 months ago
so what is the correct answer? NYY?
upvoted 1 times
...
zellck
1 year, 11 months ago
Gotten this in May 2023 exam.
upvoted 1 times
...
majstor86
2 years, 1 month ago
NO YES YES
upvoted 4 times
...
AAAAAks
2 years, 1 month ago
Q1 : Rule 65000 allowing any protocol with in virtual network and should allow PING as well from VM1 to VM4
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago