Exam AZ-104 topic 5 question 28 discussion

Actual exam question from Microsoft's AZ-104
Question #: 28
Topic #: 5

You have an Azure subscription that contains the resources in the following table.

VM1 and VM2 are deployed from the same template and host line-of-business applications.
You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit tab.)

You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80.
What should you do?

  • A. Disassociate the NSG from a network interface
  • B. Change the Port_80 inbound security rule.
  • C. Associate the NSG to Subnet1.
  • D. Change the DenyWebSites outbound security rule.
Suggested Answer: C

Comments

mlantonis
Highly Voted 3 years, 9 months ago
Correct Answer: C. Outbound rule “DenyWebSites” is set up correctly to block outbound internet traffic over port 80. In the screenshot it states, "Associated with: 0 subnets, 0 NIC's", so you need to associate the NSG to Subnet1. You can associate or dissociate a network security group from a NIC or Subnet. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
upvoted 118 times
RougePotatoe
2 years ago
Check top-right corner of image. Notice associated with 0 subnets and 0 network interfaces.
upvoted 5 times
...
...
Hibs2016
Highly Voted 4 years, 2 months ago
Answer is correct - C. Outbound rule: DenyWebSites is set up correctly to block outbound internet traffic over port 80.
upvoted 20 times
Skankhunt
4 years, 2 months ago
Agreed, in screenshot it states "Associated with: 0 subnets, 0 NIC's" ;)
upvoted 11 times
...
Hyrydar
2 years, 6 months ago
I agree with the answer given and all the replies, but someone correct me if I am wrong. Shouldn't the proper choice given be "associate the NSG rule with network interface", because network interface has priority over subnet in outbound flow?
upvoted 2 times
TinyRunner
1 year, 7 months ago
Applying the NSG at the subnet level will require less administrative effort and time spent, providing the same security requirements provided at the NIC level. Your approach will apply only if there's need to block traffic to one of both VMs. In this case it makes sense to apply at the NIC level.
upvoted 2 times
kl8585
1 year, 5 months ago
I agree with you. I will also add that if there were other VMs associated to the subnet but we should only block outbound access for VM1 and VM2, then the correct answer would have been associate NSG rule with the two NICs of the specific VMs.
upvoted 2 times
...
...
...
...
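Added example, not part of the original thread: a small Python model of how Azure evaluates outbound traffic against NSGs, showing why the unassociated NSG from the question filters nothing and how the subnet-level and NIC-level associations discussed above differ. The rule priorities, the `EXHIBIT_NSG` name, the placement of both VMs in Subnet1 and the helper functions are assumptions, since the exhibit and table are not reproduced on the page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    direction: str  # "Inbound" or "Outbound"
    access: str     # "Allow" or "Deny"
    port: str       # destination port, "*" for any

# Azure's default outbound rules, reduced to the Internet-bound case.
DEFAULT_OUTBOUND = [
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*"),
]

# Constructed stand-in for the exhibit's NSG; the priorities are assumed.
EXHIBIT_NSG = [
    Rule("Port_80", 100, "Inbound", "Allow", "80"),
    Rule("DenyWebSites", 100, "Outbound", "Deny", "80"),
]

# Assumed placement: both VMs sit in Subnet1.
SUBNET_OF = {"VM1": "Subnet1", "VM2": "Subnet1"}

def nsg_verdict(rules, port):
    """Within one NSG, the matching rule with the lowest priority number decides."""
    outbound = [r for r in rules + DEFAULT_OUTBOUND if r.direction == "Outbound"]
    for rule in sorted(outbound, key=lambda r: r.priority):
        if rule.port in ("*", str(port)):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllOutBound matches everything")

def outbound_to_internet(vm, port, nic_nsgs, subnet_nsgs):
    """Outbound traffic is checked against the NIC's NSG first, then the
    subnet's NSG. A level with no NSG associated filters nothing."""
    levels = (("nic", nic_nsgs.get(vm)), ("subnet", subnet_nsgs.get(SUBNET_OF[vm])))
    for level, rules in levels:
        if rules is None:
            continue
        access, name = nsg_verdict(rules, port)
        if access == "Deny":
            return False, f"{level}:{name}"
    return True, "allowed"

if __name__ == "__main__":
    for label, nic, sub in [("unassociated", {}, {}),
                            ("subnet (answer C)", {}, {"Subnet1": EXHIBIT_NSG}),
                            ("VM1 NIC only", {"VM1": EXHIBIT_NSG}, {})]:
        print(label, {vm: outbound_to_internet(vm, 80, nic, sub) for vm in SUBNET_OF})
```
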
[Removed]
Most Recent 5 months, 1 week ago
Selected Answer: C
C is correct
upvoted 1 times
...
tashakori
11 months, 3 weeks ago
C is right
upvoted 1 times
...
EmnCours
2 years, 6 months ago
Selected Answer: C
Correct Answer: C
upvoted 1 times
...
Lazylinux
2 years, 8 months ago
Selected Answer: C
Given answer is correct. Associated with: 0 subnets, 0 NIC's, and hence need to associate with Subnet1.
upvoted 2 times
...
rasmart
2 years, 10 months ago
Selected Answer: C
check mlantonis
upvoted 6 times
AzureG0d
2 years, 4 months ago
LOL!! It's sad how true this is, along with fedztez and lazylinux. Thank God for them.
upvoted 4 times
...
...
benvdw
2 years, 11 months ago
on exam 13/3/2022
upvoted 2 times
...
ScoutP
3 years, 5 months ago
This question was asked on exam taken on Sept 30, 2021
upvoted 6 times
...
AubinBakana
3 years, 6 months ago
Easy :)
upvoted 1 times
...
sourav4312
3 years, 6 months ago
Probably the easiest answer in the series.
upvoted 1 times
...
Chief
3 years, 10 months ago
One of the easiest questions, I guess. Associate the NSG to Subnet1.
upvoted 4 times
...
ZUMY
3 years, 12 months ago
C is correct. Outbound rule blocking port 80 is configured correctly.
upvoted 5 times
...
toniiv
4 years ago
Answer C. is correct. Outbound rule is right, you only need to associate the NSG to the Subnet to apply the rules.
upvoted 2 times
...
mikl
4 years ago
Valid question - answer is correct. Microsoft just wants us to know that an NSG has to be associated with something to actually work. Associated with: 0 subnets, 0 NIC interfaces.
upvoted 3 times
...
kannan8685
4 years, 1 month ago
Yes, I agree.
upvoted 2 times
...
fedztedz
4 years, 2 months ago
Answer is correct. "C"
upvoted 10 times
...