ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 35 discussion

Actual exam question from Microsoft's AZ-104
Question #: 35
Topic #: 5
[All AZ-104 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Larry88 at Aug. 13, 2020, 3:49 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mlantonis
Highly Voted 3 years, 9 months ago
Correct Answer: B - No You need to use a custom policy definition, because there is not a built-in policy and Resource Lock is an irrelevant solution. Reference: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
upvoted 96 times
...
toniiv
Highly Voted 4 years ago
Answer B. is correct. Nothing to do with RG locks
upvoted 5 times
...
[Removed]
Most Recent 5 months, 1 week ago
Selected Answer: B
B is correct You configure a custom policy definition, and then you assign the policy to the subscription.
upvoted 1 times
...
_Paul_
1 year, 1 month ago
Selected Answer: B
Resource lock is not applicable.
upvoted 1 times
...
CyberKelev
2 years ago
No, creating a resource lock and assigning it to the subscription will not meet the goal of automatically blocking TCP port 8080 between virtual networks when an NSG is created. To achieve this goal, you can create an Azure Policy that enforces the required network security rule across all the virtual networks in the subscription. The policy should specify the rule that blocks TCP port 8080 traffic between the virtual networks. When a new NSG is created, it will automatically be associated with the policy, and the required network security rule will be enforced. Resource locks are used to prevent accidental deletion or modification of Azure resources. They do not affect the behavior or configuration of resources such as NSGs.
upvoted 4 times
...
cambis
2 years ago
Selected Answer: B
Correct Answer: B
upvoted 2 times
...
sourabhg
2 years, 3 months ago
Selected Answer: A
correct
upvoted 1 times
01111010
1 year, 3 months ago
It's the opposite of correct. Answer is 'B. No'.
upvoted 1 times
...
...
EmnCours
2 years, 6 months ago
Selected Answer: B
Correct Answer: B
upvoted 1 times
...
Lazylinux
2 years, 8 months ago
Selected Answer: B
I Luv Honey Because it is B Lock has nothing to do with this situation, it is used on RG and resources
upvoted 1 times
...
AubinBakana
3 years, 6 months ago
haha... Common, please!
upvoted 2 times
...
ZUMY
4 years ago
No is answer
upvoted 3 times
...
Aniruddha_dravyakar
4 years ago
Lock is used to restrict creattion or accidental deletion of any resource. .. I dont think it is used for blocking traffic
upvoted 3 times
...
StixxNSnares
4 years ago
Correct - B
upvoted 3 times
...
I
4 years ago
In NSG, create a inbound security rule that set TCP8080 -> Deny and the priority number should be smaller.
upvoted 4 times
...
macross
4 years, 1 month ago
Allow-Deny 8080 (NSG) answer is correct
upvoted 2 times
...
asaz
4 years, 1 month ago
by default NSG blocks all the ports. it has to be explicitly defined which port to open.
upvoted 3 times
...
janshal
4 years, 2 months ago
There is no Connectivity Between different Vent so unless you connect them trough VPN Gatway or Vnet Peering there will be No access from any Ports so i say A Tricky One
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago