Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-104 topic 5 question 35 discussion

Actual exam question from Microsoft's AZ-104
Question #: 35
Topic #: 5
[All AZ-104 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Larry88 at Aug. 13, 2020, 3:49 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
mlantonis
Highly Voted 2 years, 11 months ago
Correct Answer: B - No You need to use a custom policy definition, because there is not a built-in policy and Resource Lock is an irrelevant solution. Reference: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
upvoted 88 times
...
arseyam
Highly Voted 3 years, 7 months ago
An example of such policy is found here https://markgossa.blogspot.com/2018/11/azure-policy-deny-inbound-rdp-from.html
upvoted 19 times
d0bermannn
2 years, 9 months ago
as they said there is more than one way to skin a cat, that is a developer style)
upvoted 1 times
...
...
_Paul_
Most Recent 3 months, 2 weeks ago
Selected Answer: B
Resource lock is not applicable.
upvoted 1 times
...
CyberKelev
1 year, 1 month ago
No, creating a resource lock and assigning it to the subscription will not meet the goal of automatically blocking TCP port 8080 between virtual networks when an NSG is created. To achieve this goal, you can create an Azure Policy that enforces the required network security rule across all the virtual networks in the subscription. The policy should specify the rule that blocks TCP port 8080 traffic between the virtual networks. When a new NSG is created, it will automatically be associated with the policy, and the required network security rule will be enforced. Resource locks are used to prevent accidental deletion or modification of Azure resources. They do not affect the behavior or configuration of resources such as NSGs.
upvoted 4 times
...
cambis
1 year, 2 months ago
Selected Answer: B
Correct Answer: B
upvoted 2 times
...
sourabhg
1 year, 5 months ago
Selected Answer: A
correct
upvoted 1 times
01111010
5 months, 2 weeks ago
It's the opposite of correct. Answer is 'B. No'.
upvoted 1 times
...
...
EmnCours
1 year, 8 months ago
Selected Answer: B
Correct Answer: B
upvoted 1 times
...
Lazylinux
1 year, 10 months ago
Selected Answer: B
I Luv Honey Because it is B Lock has nothing to do with this situation, it is used on RG and resources
upvoted 1 times
...
AubinBakana
2 years, 7 months ago
haha... Common, please!
upvoted 2 times
...
ZUMY
3 years, 1 month ago
No is answer
upvoted 3 times
...
Aniruddha_dravyakar
3 years, 1 month ago
Lock is used to restrict creattion or accidental deletion of any resource. .. I dont think it is used for blocking traffic
upvoted 3 times
...
StixxNSnares
3 years, 1 month ago
Correct - B
upvoted 3 times
...
I
3 years, 2 months ago
In NSG, create a inbound security rule that set TCP8080 -> Deny and the priority number should be smaller.
upvoted 4 times
...
toniiv
3 years, 2 months ago
Answer B. is correct. Nothing to do with RG locks
upvoted 5 times
...
macross
3 years, 2 months ago
Allow-Deny 8080 (NSG) answer is correct
upvoted 2 times
...
asaz
3 years, 3 months ago
by default NSG blocks all the ports. it has to be explicitly defined which port to open.
upvoted 3 times
...
janshal
3 years, 4 months ago
There is no Connectivity Between different Vent so unless you connect them trough VPN Gatway or Vnet Peering there will be No access from any Ports so i say A Tricky One
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel