HOTSPOT - Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Suggested Answer:
Box 1: VM2, VM3 and VM4. VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3. There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP to VNet1/Subnet2, VNet2 or VNet3. Therefore, VM1 can ping VM2 in VNet1/Subnet2, VM3 in VNet2 and VM4 in VNet3. Box 2: VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound ICMP from VNet3. There are no NSGs blocking inbound ICMP to VNet1/Subnet1, VNet1/Subnet2 or VNet2 from VNet3 (NSG10 blocks inbound ICMP from VNet4 but not from VNet3). Therefore, VM4 can ping VM1 in VNet1/ Subnet1, VM2 in VNet1/Subnet2 and VM3 in VNet2.
Been cramming on this one all week. Reviewed this question so many times now, it's muscle memory: The sequence is 234 then 123
Write that sequence down several times on your keyboard and you'll never forget it:
234123 234123 234123
Hope this helps!
vnet1(VM1+VM2) --peering-->vnet2(VM3) --peering-->vnet4(VM5)
\ /
peering peering
\ /
vnet3(VM4)
> I think VM1 can ping: 2,3,4,5 (see above diagram)
> I think VM4 can ping VM2, VM3, VM5 but since there is no option for that so, the only available correct option is "VM3 only"
Default NSG rule allows all ports inbound and outbound for the VirtualNetwork service tag. This encompasses any peered networks
The VM Firewalls allow ICMP
So any VMs in peered VNets can ping
The answer is 1234 (1 > 2,3,4) (4 > 1,2,3)
It is not hard ...only two things to be checked ...
1) Is there a peering in place ?
2) Is there a NSG rule blocking ?
Do that is order and we are good with the answers
Default Inbound or Outbound rule doesn't allow ICMP.
VM1 can only ping VM2. Default rule for inside vnet will allow it.
VM4 cannot ping anything. Default Outbound rule will block it.
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#default-security-rules
No, default AllowVnetOutBound allows outbound traffic between Vnets and has better (low) priority
NSG inbound Default rules:
65000 AllowVnetInBound -> Source VirtualNetwork Dest VirtualNetwork
65001 AllowAzureLoadBalancerInBound -> Source AzureLoadBalancer Dest Any
65500 DenyAllInBound -> Source Any Dest Any
NSG outbound Default rules:
65000 AllowVnetOutBound -> Source VirtualNetwork Dest VirtualNetwork
65001 AllowAzureInternetOutBound -> Source Any Dest Any
65500 DenyAllOutBound -> Source Any Dest Any
You can resume
- the Internet inbound traffic is not allowed but the Internet outbound is allowed
- the inter-intra vnet traffic is allowed
- the traffic coming from Azure LB into the vnet is allowed (because it uses IP public as source)
They ask from which VM's can ping VM1 and VM4 successfully... We can ping VM1 from VM2,VM3,VM4 and VM4 from VM1,VM2,VM3...
Because
NSG Inbound rule deny the RDP por from 10.1.x.x to any destination...
NSG Inbound rule deny the ICMP from 10.10.x.x to any destination
10.0.0.0/16 is Vnet4 address space..so VM5 only is available in this Vnet..
NSG outbound rule deny the RDP port from 10.1.x.x to any destination...
By default outbound rule for any to any virtual network is enabled..
Already peering is enabled between Vnet1,vnet2,vnet3... obviously ping will happen successfully...
Please correct me if anything wrong in my understanding
no mate, they are not asking this, please read the question again, they are asking from vm1 and vm4 which hosts you can ping i.e. vm1, vm4 - > vm2 and etc, not vice-versa..
This section is not available anymore. Please use the main Exam Page.AZ-700 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
derrrp
Highly Voted 2 years, 9 months agoAjdlfasudfo0
2 years, 4 months agoAunehwet79
2 years, 4 months agowooyourdaddy
2 years, 8 months agoAyokun
2 years, 1 month ago7fc1047
Most Recent 6 months agonight_wolf_in
10 months, 2 weeks agovikrants31
1 year, 4 months agoejml
2 years, 2 months agoMrBlueSky
2 years agodsmurray88
2 years, 3 months agoTJ001
2 years, 3 months agoTJ001
2 years, 3 months agoDeepMoon
2 years, 3 months agoFeliphus
5 months, 1 week agoAanandan
2 years, 6 months agoGeorgeMilev91
2 years, 3 months agolobs_wort
2 years, 9 months ago