Exam AZ-500 topic 13 question 2 discussion

1 -- No, as traffic would be sourced from internet since it is destined to the public IP address of VM2. 2 -- Yes, as VM3 has no NSGs interfering and traffic is contained within the same vnet. 3 -- No, as VM5 is in a separate vnet and there is no mention of any peering going on.

1. [No] because VM1 is trying to reach VM2 with VM2's PUBLIC IP address which should be blocked by NSG1. 2. [Yes] because VM1 and VM3 are in the same VNET and you can reach each other with the private IP address. 3. [Yes] VM5 has NSG4 which allows internet traffic. VM1 can reach VM5 through internet using the public IP.

Exam question 6th April 2025

In Exam20/07/2024

Passed. Exam duration 100 min + 20. On the Microsoft site: https://learn.microsoft.com/en-us/credentials/certifications/azure-security-engineer/?practice-assessment-type=certification You will have 100 minutes to complete this assessment. Last Updated 04/30/2024 55 questions (46+9) contoso, 6 questions This question in exam (study case) My answer Y N Y New 3 or 4 questions VM1, SQL1, VNET1, AKS in Google Cloud. What items are protected by Microsoft Defender & default period scan.

In exam 1/28/24

Explanation: 1 -- No, as traffic would be sourced from internet since it is destined to the public IP address of VM2.2 -- Yes, as VM3 has no NSGs interfering and traffic is contained within the same vnet.3 -- No, as VM5 is in a separate vnet and there is no mention of any peering going on.

Answer is N N N Box 1: No. All traffic is allowed out to the Internet as per the outbound rule. However, the inbound rules on the NSG1 does not have a rule to allow traffic from Internet and on NSG2 is set to allow traffic from the Internet on port TCP 80 only, hence, Ping will be denied. Box 2: No. VM3 is on Subnet12(same VNet). However, there is no NSG attached to Subnet12 so the traffic will be blocked. All network traffic is blocked through a subnet and network interface if they don't have a network security group associated to them. From <https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works#inbound-traffic> However, kindly note that if it was the opposite, ping from VM3 to VM1 then the outbound traffic from VM3 will be allowed as the default rule for the outbound traffic is to allow any. Box 3: No (because VM5 is in a separate VNet).

Ans is N, Y, N. For 1st question, NSG2 only allows traffic from Internet on Port 80.

Gotten this in May 2023 exam.

No, Yes, No - Is correct. I have really looked it through.

This is like a sick Microsoft mind bending puzzle.

NO YES NO

in exam oct. 31st

Associate a public IP address to a virtual machine | Microsoft Learn Public IP addresses are associated to network interfaces attached to a VM Allow network traffic to the VM Before you can connect to the public IP address from the internet, ensure that you have the necessary ports open in any network security group that you might have associated to the network interface, the subnet of the network interface, or both. Though security groups filter traffic to the private IP address of the network interface, once inbound internet traffic arrives at the public IP address, Azure translates the public address to the private IP address, so if a network security group prevents the traffic flow, the communication with the public IP address fails.

Answer is NO-YES-NO

In Exam 10/18/2022. One case study(6 ques), no lab.