Microsoft AZ-900: Azure VM Internet Accessibility

Learn how to make your Azure virtual machine accessible from the Internet over HTTP using two possible solutions: modifying a network security group (NSG) or an Azure firewall. Ensure secure and controlled access to your VM with these comprehensive configuration options.

Question

Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
What are two possible solutions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Modify an Azure Traffic Manager profile
B. Modify a network security group (NSG)
C. Modify a DDoS protection plan
D. Modify an Azure firewall

Answer

B. Modify a network security group (NSG)
D. Modify an Azure firewall

Explanation

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.

You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).

To ensure that your Azure virtual machine named VM1 is accessible from the Internet over HTTP, you have two possible solutions:

B. Modify a network security group (NSG):
Network Security Groups (NSGs) are used to filter network traffic to and from Azure resources in a virtual network. To allow HTTP traffic to reach VM1, you need to create an inbound security rule in the NSG associated with the VM’s network interface or subnet. The rule should allow inbound traffic on port 80 (HTTP) from the Internet (source IP range: 0.0.0.0/0 or Internet tag). By modifying the NSG to permit HTTP traffic, you enable users to access VM1 from the Internet using a web browser.

D. Modify an Azure firewall:
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. To make VM1 accessible from the Internet over HTTP using Azure Firewall, you need to configure a firewall policy with an application rule that allows inbound HTTP traffic (port 80) to the VM’s IP address or subnet. Azure Firewall acts as a secure gateway, controlling and filtering traffic between the Internet and your virtual network. By modifying the Azure Firewall policy to allow HTTP access to VM1, you enable users to reach the virtual machine from the Internet securely.

Both solutions provide a complete approach to making your virtual machine accessible from the Internet over HTTP. Modifying an NSG is a simple and effective way to control traffic at the network level, while using Azure Firewall offers a more robust and centralized solution for network security management.
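The NSG option can be checked with a small model of how inbound rules are evaluated. The following is an added example, not part of the original explanation: it processes rules in priority order with the first match deciding, and compares a port-80-only rule with an overly broad one. The rule names `Allow-HTTP-Inbound` and `Allow-Any-Inbound`, the priority 100, and the simplified matching on a single service tag and port are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # service tag, or "*" for any source (simplified model)
    dest_port: str  # single port, or "*" for any port

# Default inbound rules that Azure places in every NSG.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

# Constructed rules: the narrow one the explanation calls for, and an overly broad one.
ALLOW_HTTP = Rule("Allow-HTTP-Inbound", 100, "Allow", "Tcp", "Internet", "80")
ALLOW_ANY = Rule("Allow-Any-Inbound", 100, "Allow", "*", "Internet", "*")

def evaluate(rules, protocol, source_tag, port):
    """Return (access, rule name) for the first rule that matches, in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and rule.source in ("*", source_tag)
                and rule.dest_port in ("*", str(port))):
            return rule.access, rule.name
    return "Deny", None  # not reached while DenyAllInBound is present

def internet_exposed(rules, ports, protocol="Tcp"):
    """List the ports in `ports` that an Internet source can reach."""
    return [p for p in ports if evaluate(rules, protocol, "Internet", p)[0] == "Allow"]

if __name__ == "__main__":
    cases = [("defaults only", []), ("HTTP rule", [ALLOW_HTTP]), ("any/any rule", [ALLOW_ANY])]
    for label, extra in cases:
        print(label, internet_exposed(DEFAULT_INBOUND + extra, [22, 80, 3389]))
```

With only the defaults, Internet traffic to port 80 falls through to `DenyAllInBound`; the narrow rule opens port 80 alone, while the any/any rule also opens the management ports 22 and 3389.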

Options A (Modify an Azure Traffic Manager profile) and C (Modify a DDoS protection plan) do not directly address the requirement of making VM1 accessible from the Internet over HTTP. Azure Traffic Manager is used for load balancing and routing traffic to multiple endpoints, while DDoS protection plans help protect against Distributed Denial of Service attacks.
