ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 1 question 65 discussion

Actual exam question from Microsoft's AZ-303
Question #: 65
Topic #: 1
[All AZ-303 Questions]

HOTSPOT -
You deploy an Azure virtual machine scale set named VSS1 that contains 30 virtual machine instances across three zones in the same Azure region. The instances host an application named App1 that must be accessible by using HTTP and HTTPS traffic. Currently, VSS1 is inaccessible from the internet.
You need to use Azure Load Balancer to provide access to App1 across all the instances from the internet by using a single IP address.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: 1 -

Box 2: 30 network interfaces -
For a standard load balancer, the VMs in the backend address for are required to have network interfaces that belong to a network security group.

Box 3: 2 -
On for the HTTP traffic, and one for the HTTPs traffic.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-cli
by sukhdeep at Jan. 10, 2021, 4:42 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DigitalNomad
Highly Voted 4 years, 4 months ago
I have tested this using https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template , although each VMSS Instance is assigned a NIC but the NSG is assigned to the subnet and not to the NIC
upvoted 25 times
ahorva
3 years, 5 months ago
I just deployed VMSS from Azure Portal with LB and checked the NSG - there is not subnet assigned to the NSG...so correct answer is 30NICS
upvoted 2 times
...
...
LuisV
Highly Voted 4 years, 4 months ago
Answer is correct, NSG for VMSS are configured at NIC level of each VM Network Security Groups can be applied directly to a scale set, by adding a reference to the network interface configuration section of the scale set virtual machine properties. https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking
upvoted 17 times
rdemontis
3 years, 11 months ago
I think you are right! And this document seems demontrating this: https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-cli?tabs=option-1-create-load-balancer-standard
upvoted 3 times
...
...
itvinoth83
Most Recent 3 years, 2 months ago
In Exam today, 28-03-2022
upvoted 1 times
...
soucine
3 years, 2 months ago
When we create a VMSS with 30 VM. Automatically, Azure will create a Vnet/subnet, 30 NIC, and an NSG that is bound to the 30 NIC. So why do we even need to create a an NSG ? If we create a new NSG it would be better to associate it with the subnet instead of the 30 NIC => so answer : 1 / 1 / 2
upvoted 1 times
...
shree178
3 years, 3 months ago
On exam today 19-2-2022.. Passed with 871.
upvoted 1 times
...
007NoName
3 years, 5 months ago
Why not two subnets and NSGs? one for load balancer and one subnet for all the VMs. As there are two subnet - have two NSGs as one load balancer subnet will allow external traffic while VM subnet will only allow traffic from load balancer
upvoted 2 times
...
HB100
3 years, 8 months ago
I have tested this by creating a brand new vm scale set across 3 zones and 1 vm deployed each zone and it created 1 NSG and 3 vm NICs associated with it. there is no subnet associated with this new scale set. i believe if we deploy 30 vm's, it will associate 30 nics to one NSG. deploy it yourself, it will take 10-15 mins max. So the given ans is correct.
upvoted 4 times
...
codezombie
3 years, 8 months ago
The answer is correct. If you assign NSG at the subnet level then it applies to all VMs in the subnet. Not good from a security point of view because if a new VM gets added to the subnet, it can be access from internet unnecessarily.
upvoted 1 times
...
tteesstt
3 years, 9 months ago
You can associate to 1 subnet or 30 NICs. The question here would be - which one would be proper solution? If there are no other services or VMs on subnet - then we can assign subnet to NSG. If we have other services or VMs on subnet - assign NICs (because, for example, we don't want to give network access to other non VMSS VMs on subnet). If you deploy VMSS + LB via Azure portal, it will assign NICs to NSG.
upvoted 5 times
...
syu31svc
3 years, 9 months ago
Just need one NSG and define the inbound and outbound rules. Assign the NSG at subnet level since all servers belong to same application One rule for HTTP and another rule for HTTPS traffic Answer is 1 NSG, 1 subnet and 2 rules
upvoted 7 times
...
tteesstt
3 years, 10 months ago
"Minimum number of [[[[Azure Standard Load balancer rules]]]] to create: People are saying 2. Where do you come up with this number, even if you base the answer on the provided link, all you need is just 1 Load Balancing rule. Try it yourself. https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-cli?tabs=option-1-create-load-balancer-standard#create-the-load-balancer-rule
upvoted 3 times
tteesstt
3 years, 10 months ago
Never mind, I'm dumb. It's HTTP and HTTPS, so two rules.
upvoted 3 times
telepeti
3 years, 6 months ago
nope, unfortunately you are right.. one rule can include 2 ports.. 80 443.. one single rule can handle both HTTP and HTTPS
upvoted 1 times
...
...
...
SatishBhuma
3 years, 10 months ago
Answer : 1 NSG 1 Subnet and 2 - Rules
upvoted 6 times
...
kkstays
3 years, 10 months ago
9th Aug 21 - Was in today's exam. 54 Questions in total (4 Case study), No Lab
upvoted 2 times
...
pentium75
3 years, 11 months ago
The reason for assigning 30 NICs (instead of 1 subnet) ... could it be that the subnet can be used by other resources? Assigning the NSG to the subnet might impact these resources. Since the NSG is meant to protect only the VMSS and nothing else, we need to assign it to VMs.
upvoted 2 times
...
leo_az300
3 years, 11 months ago
given answer is correct. 1 subnet, 3 subnets(in 3 zones) or 30 NICs are all possible options. but the question doesn't clarify it's 1 subnet or 3 . therefore 30 NICs is the only certain answer.
upvoted 4 times
...
satyajit86
3 years, 11 months ago
If VMs are not in same subnet, then ans will be 1 NSG, 30 NIC and 2 rules. But if VMs are in same subnet then ans will be 1 NSG, 1 subnet. and 2 rules. For Standard Load balancer it enforces NSG to explicitly allow traffic from Load Balancer for a VM using NSG. But this NSG can be at either subnet or NIC level. Ans depends on one's assumption on whether VMs are in multiple subnets or single subnet.
upvoted 2 times
vaisat
3 years, 7 months ago
There is no indication that VMs are in the same subnet. Which leads me to think that provided answer is correct.
upvoted 1 times
...
...
Indigoproftrader
3 years, 11 months ago
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-public-zone-redundant-portal Create VM with NSG (associated to the VM NIC) Looks like it is 30 NIC then.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel