exam questions

Exam AZ-900 All Questions

View all questions & answers for the AZ-900 exam

Exam AZ-900 topic 1 question 242 discussion

Actual exam question from Microsoft's AZ-900
Question #: 242
Topic #: 1
[All AZ-900 Questions]

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
Azure creates the default rules in each network security group that you create. These rules allow some traffic.

Box 2: Yes -
A network security group contains zero, or as many rules as desired. These rules can refer to application security groups.

Box 3: Yes -
Azure creates the Inbound and OutBound default rules in each network security group that you create.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
kamal_004
Highly Voted 2 years, 5 months ago
A network security group (NSG) will block all network traffic by default >> A network security group does not encrypt network traffic. It works in a similar way to a firewall in that it is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol Applications security group can be specified as part of network security group (NSG) rules >> In a NSG you can have up to 1000 NSG rules. In max 100 of this 1000 NSG rules you can specify an Application Security Group as a source or destination Network security groups (NSGs) always include inbound security rules and outbound security rules >> A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. Answer: No Yes Yes
upvoted 19 times
ArunPrem
2 years, 5 months ago
As per your above explanation and the question1 being asked. it should be Y,Y,Y
upvoted 3 times
TomGa
2 years, 2 months ago
Key words 'by default' it does not, thus Answer = No
upvoted 4 times
...
...
...
chael88
Highly Voted 2 years, 2 months ago
Q1.NO. By default, all inbound traffic is blocked and all outbound traffic is allowed. So the answer is NO since not all traffic is blocked.
upvoted 7 times
...
Shruti2024
Most Recent 6 months, 4 weeks ago
The first question does not specify if it's inbound or outbound traffic. In only blocks all inbound traffic by default, so I think it's a no
upvoted 2 times
...
gfalconx
1 year, 4 months ago
q1 is No full answer is NYY
upvoted 1 times
...
phidelics
1 year, 8 months ago
keyword: by default!!! its NYY
upvoted 3 times
...
speedyweedy
1 year, 10 months ago
Answer is YYY Network Security Group (NSG) in Azure will block all network traffic by default. When you create a new NSG, there are no inbound or outbound security rules defined. This means that all inbound and outbound traffic to/from resources associated with the NSG is blocked. To allow traffic to flow, you need to create inbound and/or outbound security rules explicitly in the NSG. These rules define the type of traffic (such as TCP or UDP), the source and destination IP addresses and ports, and the action (allow or deny). It's important to note that NSGs are applied to subnets or network interfaces, not individual virtual machines. This means that all virtual machines associated with a subnet or network interface will be subject to the same NSG rules. Also, keep in mind that NSGs are stateful, which means that if you create an inbound security rule to allow traffic, the return traffic will be allowed automatically. You don't need to create a separate outbound security rule to allow the return traffic.
upvoted 2 times
...
speedyweedy
1 year, 10 months ago
Answer is YYY NSG does block all traffic by default
upvoted 2 times
...
motekim
2 years ago
Take my test tomorrow. If i get this question, I'm going to go with NO: By default, a Network Security Group (NSG) in Azure does not block all network traffic. It allows all inbound and outbound traffic until rules are added explicitly to block or allow traffic. When a new NSG is created, it has no rules, and therefore no traffic is blocked. It's up to the user to add rules to the NSG to allow or deny traffic.
upvoted 2 times
...
zellck
2 years, 2 months ago
NYY is the answer. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#default-security-rules https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#application-security-groups Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses.
upvoted 3 times
...
yragchan
2 years, 4 months ago
seems the answer is correct https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
upvoted 1 times
...
Naoufal18
2 years, 5 months ago
YYY Unless you've created a rule that allows port 80 inbound, the traffic is denied by the DenyAllInbound default security rule, and never evaluated by NSG2, since NSG2 is associated to the network interface. If NSG1 has a security rule that allows port 80, the traffic is then processed by NSG2. To allow port 80 to the virtual machine, both NSG1 and NSG2 must have a rule that allows port 80 from the internet. For more details : https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
upvoted 2 times
iowaporter
2 years, 4 months ago
The NSG will block all Internet inbound traffic by default. But it will allow other network traffic such as AllowVNetInBound. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#default-security-rules
upvoted 7 times
n_mehr69
2 days ago
what is this mean? first box yes or no?
upvoted 1 times
...
RougePotatoe
2 years, 2 months ago
Literally so many people that wouldn't even look at azure portal rofl.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago