Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-103 topic 4 question 51 discussion

Actual exam question from Microsoft's AZ-103
Question #: 51
Topic #: 4
[All AZ-103 Questions]

You have an Azure subscription that contains the resources in the following table.

VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote Desktop.
You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit tab.)

You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80.
What should you do?

  • A. Change the DenyWebSites outbound security rule.
  • B. Change the Port_80 inbound security rule.
  • C. Disassociate the NSG from a network interface.
  • D. Associate the NSG to Subnet1.
Show Suggested Answer Hide Answer
Suggested Answer: D ūüó≥ÔłŹ
You can associate or dissociate a network security group from a network interface or subnet.
The NSG has the appropriate rule to block users from accessing the Internet. We just need to associate it with Subnet1.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nhan
Highly Voted 3 years, 7 months ago
Given answer is correct, after we create the NGS and configure the policy we need to apply the policy on a subnet.
upvoted 12 times
...
eburgo
Highly Voted 3 years, 6 months ago
The answer is correct. The necessary rules are in place. We just need to associate the NSG to the subnet.
upvoted 6 times
...
sohailn
Most Recent 3 years, 1 month ago
i think so user can still access the website by using port 443 https, correct me please if i am wrong.
upvoted 2 times
dbdb
2 years, 10 months ago
read the requirements again "You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80."
upvoted 1 times
...
...
nfett
3 years, 6 months ago
last comment is correct. given answer is correct. top right is a dead giveaway on what the answer should be.
upvoted 4 times
...
RSAN27
3 years, 6 months ago
The answer is correct. Top-right does not describe any subnet or network interface associated.
upvoted 4 times
...
jonnybugaloo
3 years, 6 months ago
Yes. We can see on the left top of the image that the nsg isn't associated to a subnet neither to nic.
upvoted 1 times
...
klopper
3 years, 7 months ago
I think connection via RDP would be blocked after attaching NSG to subnet1, but still this is the only reasonable answer here
upvoted 2 times
_syamantak
3 years, 4 months ago
No connection via RDP will not be blocked. Only blocked port is 80 and incoming requests on any other ports are opened. RDP runs on 3389 (by default) and hence it stays open
upvoted 1 times
...
sjccde
3 years, 1 month ago
I think so too: The NSG is not yet associated so it is the only awnser. But: Inbound Deny All will break RDP, atleast from outside the VNet. VNet internal has an allow rule for any protocol, so there could be RDP connections from inside the vnet.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...