HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Suggested Answer:
Box 1: No - Azure creates the default rules in each network security group that you create. These rules allow some traffic.
Box 2: Yes - A network security group contains zero, or as many rules as desired. These rules can refer to application security groups.
Box 3: Yes - Azure creates the Inbound and OutBound default rules in each network security group that you create. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
A network security group (NSG) will block all network traffic by default >> A network security group does not encrypt network traffic. It works in a similar way to a firewall in that it is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol
Applications security group can be specified as part of network security group (NSG) rules >> In a NSG you can have up to 1000 NSG rules. In max 100 of this 1000 NSG rules you can specify an Application Security Group as a source or destination
Network security groups (NSGs) always include inbound security rules and outbound security rules >> A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Answer: No Yes Yes
Answer is YYY
Network Security Group (NSG) in Azure will block all network traffic by default.
When you create a new NSG, there are no inbound or outbound security rules defined. This means that all inbound and outbound traffic to/from resources associated with the NSG is blocked.
To allow traffic to flow, you need to create inbound and/or outbound security rules explicitly in the NSG. These rules define the type of traffic (such as TCP or UDP), the source and destination IP addresses and ports, and the action (allow or deny).
It's important to note that NSGs are applied to subnets or network interfaces, not individual virtual machines. This means that all virtual machines associated with a subnet or network interface will be subject to the same NSG rules.
Also, keep in mind that NSGs are stateful, which means that if you create an inbound security rule to allow traffic, the return traffic will be allowed automatically. You don't need to create a separate outbound security rule to allow the return traffic.
Take my test tomorrow. If i get this question, I'm going to go with NO:
By default, a Network Security Group (NSG) in Azure does not block all network traffic. It allows all inbound and outbound traffic until rules are added explicitly to block or allow traffic. When a new NSG is created, it has no rules, and therefore no traffic is blocked. It's up to the user to add rules to the NSG to allow or deny traffic.
NYY is the answer.
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#default-security-rules
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#application-security-groups
Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses.
YYY
Unless you've created a rule that allows port 80 inbound, the traffic is denied by the DenyAllInbound default security rule, and never evaluated by NSG2, since NSG2 is associated to the network interface. If NSG1 has a security rule that allows port 80, the traffic is then processed by NSG2. To allow port 80 to the virtual machine, both NSG1 and NSG2 must have a rule that allows port 80 from the internet.
For more details : https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
The NSG will block all Internet inbound traffic by default. But it will allow other network traffic such as AllowVNetInBound.
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#default-security-rules
Literally so many people that wouldn't even look at azure portal rofl.
upvoted 1 times
...
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kamal_004
Highly Voted 2 years, 5 months agoArunPrem
2 years, 5 months agoTomGa
2 years, 2 months agochael88
Highly Voted 2 years, 2 months agoShruti2024
Most Recent 6 months, 4 weeks agogfalconx
1 year, 4 months agophidelics
1 year, 8 months agospeedyweedy
1 year, 10 months agospeedyweedy
1 year, 10 months agomotekim
2 years agozellck
2 years, 2 months agoyragchan
2 years, 4 months agoNaoufal18
2 years, 5 months agoiowaporter
2 years, 4 months agon_mehr69
1 day, 23 hours agoRougePotatoe
2 years, 2 months ago