It's correct answer ..When some try to connect Dns as rule having priority 900 it will resolve it and block. And when we delete this rule other rule 50-500 has both dns port 53 and web server 80 so it will allow both.

The question assumes that web servers are listening on default HTTP (TCP 80) and HTTPS (TCP 443) ports which is not necessarily the case. I really think they should give more clarity in the question. It also worth mentioning that UDP 53 is usually used for DNS client queries and on Windows 10 it doesn't fall back to TCP 53 (just tested it). TCP 53 is usually used for zone transfers.

Given answer is correct

came out in exam

Answers are correct

The key point here: "Rules with small (meaning higher priority) values are processed before rules with larger (meaning lower priority) values."

Some things to think about here; 1. 'Internet' users being 'outside users' trying to access (incoming traffic) your Web (Internet Server/Site) / DNS Server. 2. I saw no mention of NSG order of processing Rules. "A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed." That said, I believe the given answers are correct.

Answers are not correct: - Sceario1 Rule1 blocks DNS and Outgoing rule blocks Web server port .So internet users cannot access either DNS or WEB Scenario 2: Only DNS can be accessed.

Answer stated is correct: DNS uses port 53/TCP for zone transfers and 53/UDP for lookups. As port 50-60 ANY (=TCP and UDP) protocol is denied by Rule2. DNS server wil not work. Webserver (port 80/TCP and port 443/TCP) will work as Rule1 allows this. If Rule2 is removed, DNS server will also work. (Rule3 is irrelevant.)

Came in exam 1st Aug 2020

TCP 53 is only for zone transfers for DNS servers. UDP 53 for name resolution for "users". Whoever created this question, he/she was clearly not aware of that. Strictly speaking, provided answer is wrong.

Not the best question, technically you can access both directly through 3389 but I don't think that is what they are asking. I think they are talking about direct ports 80 and 53 in which case, answer is correct. Protocol = ANY (TCP/UDP/ICMP)

Inbound NSG rule will block DNS but will allow port 80 or 443 whichever port for webserver to work. Outbound rule will block port 80. If a user initiates a conection (incoming) to the webserver he gets connected but however a rule exists to prevent port 80 from going out. My guess is user cannot access DNS or webserver. Someone please clarify.

given answers are correct

Given answer is correct

we also need to assume we are using IP addresses as opposed to hostnames as DNS wouldn't be resolving anything which also could change answer 1 to none of those services DNS nor HTTP unless like I said they are using IP addresses instead. Hard to tell.

dns uses udp for look ups. zone transfers are done over tcp. question is vague in that but the assumption is that they are looking for an dns lookup as thats what the general public will gravitate towards on this question,