Exam AZ-700 topic 14 question 1 discussion

Actual exam question from Microsoft's AZ-700
Question #: 1
Topic #: 14

HOTSPOT
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 2: One NSG
The minimum requirement is one NSG. You could attach the NSG to VMScaleSet1 and restrict outbound traffic, or you could attach the NSG to VMScaleSet2 and restrict inbound traffic. Either way you would need two custom NSG rules.

Box 1: Two custom rules
With the NSG attached to VMScaleSet2, you would need to create a custom rule blocking all traffic from VMScaleSet1. Then you would need to create another custom rule with a higher priority than the first rule that allows traffic on port 443.
The default rules in the NSG will allow all other traffic to VMScaleSet2.
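The priority logic behind the two-rule answer, as an added example that is not part of the original page: a minimal first-match evaluator for inbound NSG rules on VMScaleSet2. The address prefixes and rule names are constructed, and only source prefix and destination port are modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR prefix, or "*" for any source
    port: str       # destination port, or "*" for any port
    access: str     # "Allow" or "Deny"

VNET = "10.0.0.0/16"    # constructed VNet address space
VMSS1 = "10.0.1.0/24"   # constructed stand-in for VMScaleSet1's addresses

# Default inbound rules of every NSG, with the VirtualNetwork tag reduced to one
# prefix. AllowAzureLoadBalancerInBound (65001) is left out: it never matches
# VM-to-VM traffic.
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, VNET, "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
]

def evaluate(custom, src_ip, dst_port):
    """Return (access, rule name) for the first rule that matches, by priority."""
    src = ipaddress.ip_address(src_ip)
    for r in sorted(custom + DEFAULTS, key=lambda r: r.priority):
        src_ok = r.source == "*" or src in ipaddress.ip_network(r.source)
        port_ok = r.port == "*" or int(r.port) == dst_port
        if src_ok and port_ok:
            return r.access, r.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# The two custom rules from the suggested answer (names are hypothetical).
ALLOW_443 = Rule("Allow443FromVMSS1", 100, VMSS1, "443", "Allow")
DENY_VMSS1 = Rule("DenyAllFromVMSS1", 200, VMSS1, "*", "Deny")

if __name__ == "__main__":
    for label, custom in [("two rules", [ALLOW_443, DENY_VMSS1]),
                          ("allow only", [ALLOW_443]),
                          ("deny only", [DENY_VMSS1])]:
        for src, port in [("10.0.1.4", 443), ("10.0.1.4", 22), ("10.0.2.4", 22)]:
            print(label, src, port, evaluate(custom, src, port))
```

With only the allow rule, non-443 traffic from VMScaleSet1 still falls through to AllowVnetInBound; with only the deny rule, port 443 is blocked as well.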

Comments

derrrp
Highly Voted 2 years, 9 months ago
2 Rules 1 Assignment. Reminds me of an old video I once saw on the internet...
upvoted 30 times
manhattan
3 months, 2 weeks ago
2 rules, 1 assignment (although in this way you are blocking the traffic in one direction only). I suppose the question is asking to restrict the traffic from scaleset1 to scaleset2 only; it doesn't say to restrict it bidirectionally, right?
upvoted 1 times
jeffangel28
2 years, 8 months ago
Right, validated!
upvoted 1 times
sapien45
2 years, 6 months ago
I saw a variant of that movie: 3 rHoles 1 Assignment. I just saw a few minutes though.
upvoted 2 times
MariusKas
2 years, 6 months ago
I tested your movie in lab - got all Yesses
upvoted 3 times
Sergovladi
Most Recent 2 months, 2 weeks ago
3 rules with lower priority for Rule3: 1) allow outbound TCP 443 from VMSS1 IPs, 2) allow inbound TCP 443 for VMSS2 - needed too, otherwise Rule 1 will not work, 3) deny all outbound TCP 443 from VMSS1 IPs - lower priority. 1 assignment to the subnet.
upvoted 1 times
Sergovladi
2 months, 2 weeks ago
I take it back as I overlooked that no other restrictions are required. The offered answers are correct: 2 rules and 1 assignment
upvoted 1 times
marcelina50
10 months ago
My 2 cents on this: 1 custom rule and 1 assignment. Custom rule: allow traffic from VMSS1 to VMSS2 on port 443. Assignment: NSG assigned to the subnet, since they reside inside the same subnet. Now the caveat... With each NSG we have a standard rule to ALLOW inbound VNet communications. If you DENY that traffic you don't need to create another custom rule to deny the traffic within the subnet. Am I wrong? Please
upvoted 1 times
Webesciaki
1 year, 3 months ago
Why not 1:1? 1 - assignment to just VMSS2, as "Network Security Groups can be applied directly to a scale set, by adding a reference to the network interface configuration section of the scale set virtual machine properties." 1 rule - block TCP/443 with source of subnet1 and deny. The rest of the VNet's CIDRs would be allowed by default. Out of the scope of this question I guess, but you could assign an ASG to VMSS1 and use that as source in that single blocking rule assigned directly to VMSS2.
upvoted 1 times
Webesciaki
1 year, 3 months ago
My bad - I misread the requirements. 1:2 - 1 assignment, 2 rules: 1st allow tcp/443, 2nd block subnet1 as source.
upvoted 2 times
[Removed]
2 years ago
To restrict traffic from VMScaleSet1 to VMScaleSet2 on TCP port 443, we need to create a custom NSG rule to allow traffic on port 443 and apply it to both VMScaleSet1 and VMScaleSet2. We also need to create a custom NSG rule to deny all traffic and apply it to VMScaleSet1. So the minimum number of custom NSG rules and NSG assignments required would be: 2 custom NSG rules (1 to allow traffic on TCP port 443 and 1 to deny all traffic) and 2 NSG assignments (1 for VMScaleSet1 and 1 for VMScaleSet2). Therefore, the answer is: minimum number of custom NSG rules = 2, minimum number of NSG assignments = 2. Note: It's important to note that we could potentially use an existing NSG that is already assigned to the virtual machines and add the necessary rules to it. In that case, the minimum number of NSG assignments would be 1.
upvoted 3 times
MrBlueSky
2 years ago
You could just apply the NSG to the subnet that both VMSS are in. Min number of rules = 2. Min number of assignments = 1.
upvoted 8 times
BenH
2 years, 10 months ago
Correct
upvoted 2 times