Learn how to ensure the principle of least privilege in Azure Network Security Groups (NSGs) for securing Virtual Machines. Master inbound security rules and IP access configurations to pass the AZ-700 certification exam with ease.
Question
You have an Azure Virtual Network that contains a subnet named Subnet1. Subnet1 is associated with a network security group (NSG) named NSG1. NSG1 contains the following inbound security rules:
Rule1:
Priority: 105
Destination Port: 3389
Source: VirtualNetwork
Action: Allow
Rule2:
Priority: 106
Destination Port: 3389
Source: 10.1.0.5
Action: Allow
Rule3:
Priority: 110
Destination Port: 3389
Source: Any
Action: Deny
You have an Azure Virtual Machine named VM1 with a network adapter named NIC1.
You need to ensure that a source IP address of 10.2.0.25 can access NIC1 on port 3389. The solution must use the principle of least privilege.
What should you do?
A. Change Action for Rule3 to Allow.
B. Change Action for Rule1 to Block.
C. Create a rule with a source IP address of 10.2.0.25 and a priority of 107 for port 3389.
D. Create a rule with a source IP address of 10.2.0.25 and a priority of 111 for port 3389.
Answer
C. Create a rule with a source IP address of 10.2.0.25 and a priority of 107 for port 3389.
Explanation
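NSG rules are processed in priority order, lowest number first, and processing stops at the first rule that matches. The new rule's priority number therefore needs to be below 110 so that it is processed before Rule3; at priority 111 the Deny in Rule3 would match first. Changing Rule3 to Allow would let the traffic in, but it does not maintain security, because Rule3 applies to any source.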
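The evaluation order described above, as an added example that is not part of the original question: a small first-match simulator run against NSG1 and each answer option. The VirtualNetwork address space (10.1.0.0/16) and the outside test address (203.0.113.7) are assumptions, and Azure's built-in default rules are reduced to a single fallback deny.

```python
import ipaddress
from dataclasses import dataclass, replace

# Assumption: the VirtualNetwork service tag covers only this address space.
VIRTUAL_NETWORK = ["10.1.0.0/16"]
OUTSIDER = "203.0.113.7"  # constructed test address, not from the question

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    port: int
    source: str  # "Any", "VirtualNetwork", or an IP address / CIDR prefix
    action: str  # "Allow" or "Deny"

NSG1 = [  # inbound rules exactly as listed in the question
    Rule("Rule1", 105, 3389, "VirtualNetwork", "Allow"),
    Rule("Rule2", 106, 3389, "10.1.0.5", "Allow"),
    Rule("Rule3", 110, 3389, "Any", "Deny"),
]

def source_matches(rule_source, ip):
    if rule_source == "Any":
        return True
    prefixes = VIRTUAL_NETWORK if rule_source == "VirtualNetwork" else [rule_source]
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p, strict=False) for p in prefixes)

def evaluate(rules, ip, port):
    """First match wins; the lowest priority number is evaluated first."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.port == port and source_matches(rule.source, ip):
            return rule.action, rule.name
    return "Deny", "fallback"  # simplification of Azure's default rules

def apply_option(option):
    if option == "A":
        return [replace(r, action="Allow") if r.name == "Rule3" else r for r in NSG1]
    if option == "B":  # the option's "Block" is modelled as Deny
        return [replace(r, action="Deny") if r.name == "Rule1" else r for r in NSG1]
    priority = {"C": 107, "D": 111}[option]
    return NSG1 + [Rule("NewRule", priority, 3389, "10.2.0.25", "Allow")]

def assess(option):  # -> (result for 10.2.0.25, result for the outside address)
    rules = apply_option(option)
    return evaluate(rules, "10.2.0.25", 3389)[0], evaluate(rules, OUTSIDER, 3389)[0]

if __name__ == "__main__":
    print({opt: assess(opt) for opt in "ABCD"})
```

Only option C yields Allow for 10.2.0.25 while the outside address stays denied; option A allows both, and options B and D leave 10.2.0.25 denied by Rule3.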