HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Box 2 is Correct! - No!
All of you guys saying that a Network Security Group (NSG) can be associated to a virtual network should be banned from taking this exam, as you just misguide others. Please do some research before you decide to leave some worthless comment.
“You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.”
References: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Note: It clearly says it must be either a subnet (not a virtual network) or a NIC.
Read here and answer from #140: NSG can be attached to virtual network.
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
The second option is NO
"You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose."
Source: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Thank you for posting this. It appears that yes you can filter traffic in/out of VNET but via subnet and NIC level with NSG. If you look at the source posted by @mentedis it states how it all works. The NSG is configured at subnet and NIC level.
Furthermore, I took the AWS exam, which has similar concepts, and over there it is the same... you can create Security Groups (instance level) and NACL (subnet level) in a VPC. VPC is their version of VNET. Both Security Groups and NACL act as firewalls, much like NSG. So the 2nd point is NO. You cannot attach an NSG to VNET, but you can protect the VNET via NSG by attaching it to NIC or Subnet.
You're absolutely incorrect.
It is YES YES YES
NSG can be attached to virtual network.
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
Associate or dissociate a network security group to or from a subnet or network interface
To associate a network security group to, or dissociate a network security group from a network interface, see Associate a network security group to, or dissociate a network security group from a network interface. To associate a network security group to, or dissociate a network security group from a subnet, see Change subnet settings.
The doc only mentions you can attach the NSG to a network interface or subnet.
Azure virtual networks deployed to the same Azure region or subscription are not connected by default. You have to configure virtual network peering to allow communication between different virtual networks. Virtual networks deployed to the same resource group must have unique names.
Haha "All of you guys saying that a Network Security Group (NSG) can be associated to a virtual network should be banned from taking this exam". Great approach, ban everyone who gets a question wrong.
Should be all Yes. You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
COPILOT: Actually, Network Security Groups (NSGs) in Azure are not directly attached to virtual networks. Instead, NSGs are associated with individual subnets within a virtual network or with network interfaces of virtual machines. This allows you to control inbound and outbound traffic at a more granular level.
This seems to be the best forum to confuse the heck out of a new learner! All of you reference the same link to say the other person is wrong! Is there no moderator that can tell us newbies what is correct and why? Obviously cannot trust the answers published, because same questions have been published with different answers in this guide!
From Microsoft Community
https://learn.microsoft.com/en-us/answers/questions/1160561/azure-network-security-group-(nsg)-can-be-attached#:~:text=I%20have%20provided%20the%20answers,interface%20in%20a%20virtual%20machine
Q2 is no
True for all.
1. You can associate a Network Security Group (NSG) to a virtual network subnet.
2. You can associate a Network Security Group (NSG) to a virtual network.
3. You can associate a Network Security Group (NSG) to a network interface.
These associations allow you to control inbound and outbound traffic to these resources.
2 True! You can indeed associate a Network Security Group (NSG) with a virtual network in Azure. An NSG acts as a firewall, allowing or denying traffic to and from resources within the virtual network based on rules you define. These rules can control inbound and outbound traffic at the subnet or individual resource level. Keep in mind that associating an NSG with a virtual network helps enhance security by filtering network traffic.
ANS: Y Y Y
Yes, you can associate a Network Security Group (NSG) to a Virtual Network (VNet) in Azure. Here are the steps to do it:
Create an NSG if you haven’t already.
Open the NSG and select “Subnets” from the left navigation.
Click on the “Associate” button.
A new panel will open on the right side.
On the new panel, select the virtual network and the subnet inside that network that you want to associate the NSG to.
Please note that you can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated with as many subnets and network interface.
YNY.
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
"You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose."
Based on ChatGPT:
The Azure Native Virtual Network (VNet) does not support directly associating Network Security Groups (NSGs) with the entire VNet. However, you can associate NSGs with individual subnets within the VNet to control network traffic at the subnet level. This way, you can effectively apply NSGs to a Virtual Network indirectly by configuring NSGs for its subnets.
correct answer is YNY
Network Security Group (NSG) in Azure will block all network traffic by default.
When you create a new NSG, there are no inbound or outbound security rules defined. This means that all inbound and outbound traffic to/from resources associated with the NSG is blocked.
To allow traffic to flow, you need to create inbound and/or outbound security rules explicitly in the NSG. These rules define the type of traffic (such as TCP or UDP), the source and destination IP addresses and ports, and the action (allow or deny).
It's important to note that NSGs are applied to subnets or network interfaces, not individual virtual machines. This means that all virtual machines associated with a subnet or network interface will be subject to the same NSG rules.
Also, keep in mind that NSGs are stateful, which means that if you create an inbound security rule to allow traffic, the return traffic will be allowed automatically. You don't need to create a separate outbound security rule to allow the return traffic.
https://learn.microsoft.com/en-us/azure/virtual-network/media/network-security-group-how-it-works/network-security-group-interaction.png
No is correct for 2nd option
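Added example (not part of the original thread and not Microsoft's code): the documentation quoted in the thread names only subnets and network interfaces as NSG association points, so checking whether a virtual network is covered means checking each of its subnets and NICs. The Python below does that over constructed ARM-style resource JSON; the resource names and shortened IDs are made up for illustration.

```python
import json

# Constructed sample in ARM resource shape; names and IDs are made up.
SAMPLE = json.loads("""
[
 {"type": "Microsoft.Network/virtualNetworks", "name": "vnet1",
  "properties": {"subnets": [
    {"name": "web", "id": "/vnet1/subnets/web",
     "properties": {"networkSecurityGroup": {"id": "/nsg/web-nsg"}}},
    {"name": "db", "id": "/vnet1/subnets/db", "properties": {}}]}},
 {"type": "Microsoft.Network/networkInterfaces", "name": "db-nic1",
  "properties": {"networkSecurityGroup": {"id": "/nsg/db-nsg"},
    "ipConfigurations": [{"properties": {"subnet": {"id": "/vnet1/subnets/db"}}}]}},
 {"type": "Microsoft.Network/networkInterfaces", "name": "db-nic2",
  "properties": {
    "ipConfigurations": [{"properties": {"subnet": {"id": "/vnet1/subnets/db"}}}]}}
]
""")

def nsg_of(props):
    """NSG resource ID referenced by a subnet or NIC, or None."""
    return (props.get("networkSecurityGroup") or {}).get("id")

def audit(resources):
    """Return (subnets without an NSG, NICs with no NSG at either level)."""
    subnet_nsg = {}
    for r in resources:
        if r["type"].lower() == "microsoft.network/virtualnetworks":
            # The VNet carries no NSG reference of its own; walk its subnets.
            for s in r["properties"].get("subnets", []):
                subnet_nsg[s["id"].lower()] = nsg_of(s.get("properties", {}))
    open_subnets = sorted(sid for sid, nsg in subnet_nsg.items() if nsg is None)
    unfiltered = []
    for r in resources:
        if r["type"].lower() != "microsoft.network/networkinterfaces":
            continue
        props = r["properties"]
        nic_has_nsg = nsg_of(props) is not None
        for cfg in props.get("ipConfigurations", []):
            sid = cfg["properties"]["subnet"]["id"].lower()
            # A subnet missing from the input is treated as having no NSG.
            if not nic_has_nsg and subnet_nsg.get(sid) is None:
                unfiltered.append(r["name"])
                break
    return open_subnets, sorted(unfiltered)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, the `db` subnet has no NSG, `db-nic1` is still filtered by its own NIC-level NSG, and `db-nic2` is filtered at neither level.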
AZ-900 Exam Questions