SIMULATION - You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources. To complete this task, sign in to the Azure portal.
Suggested Answer: See the explanation below.
You need to configure the Network Security Group that is associated with subnet0.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the properties of VNET1, click on Subnets. This will display the subnets in VNET1 and the Network Security Group associated to each subnet. Note the name of the Network Security Group associated to Subnet0.
3. Type Network Security Groups into the search box and select the Network Security Group associated with Subnet0.
4. In the properties of the Network Security Group, click on Inbound Security Rules.
5. Click the Add button to add a new rule.
6. In the Source field, select Service Tag.
7. In the Source Service Tag field, select Internet.
8. Leave the Source port ranges and Destination field as the default values (* and All).
9. In the Destination port ranges field, enter 7777.
10. Change the Protocol to TCP.
11. Leave the Action option as Allow.
12. Change the Priority to 100.
13. Change the Name from the default Port_8080 to something more descriptive such as Allow_TCP_7777_from_Internet. The name cannot contain spaces.
14. Click the Add button to save the new rule.
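The steps above add one Allow rule and depend on the NSG's built-in DenyAllInBound default rule to keep every other port closed, so any other existing Allow rule that matches Internet traffic would break the "only". As an added example (not part of the original answer or of any Azure tooling), this Python model evaluates rules in priority order and lists unexpected exposure; the rule dictionaries, the `Legacy_Allow_8080` rule and all function names are constructed for illustration.

```python
# Simplified model of NSG inbound evaluation for Internet-sourced traffic (added example).
# Assumption: only "*" and the "Internet" service tag count as an Internet source;
# CIDR sources and destination filtering are not modelled.

# Azure's built-in default inbound rules, present in every NSG.
DEFAULT_RULES = [
    {"name": "AllowVnetInBound", "priority": 65000, "source": "VirtualNetwork",
     "protocol": "*", "ports": "*", "action": "Allow"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001,
     "source": "AzureLoadBalancer", "protocol": "*", "ports": "*", "action": "Allow"},
    {"name": "DenyAllInBound", "priority": 65500, "source": "*",
     "protocol": "*", "ports": "*", "action": "Deny"},
]

# Constructed sample rules: the rule from the steps above and a hypothetical leftover.
NEW_RULE = {"name": "Allow_TCP_7777_from_Internet", "priority": 100,
            "source": "Internet", "protocol": "TCP", "ports": "7777", "action": "Allow"}
LEFTOVER = {"name": "Legacy_Allow_8080", "priority": 200,
            "source": "*", "protocol": "TCP", "ports": "8080", "action": "Allow"}

def port_matches(spec, port):
    """spec is '*', a single port, a range 'a-b', or a comma-separated mix of those."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def internet_verdict(rules, protocol, port):
    """Return (action, rule name) of the first matching rule in ascending priority."""
    for r in sorted(rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        if (r["source"] in ("*", "Internet")
                and r["protocol"].upper() in ("*", protocol.upper())
                and port_matches(r["ports"], port)):
            return r["action"], r["name"]

def unexpected_exposure(rules, want=("TCP", 7777)):
    """List (protocol, port, rule) reachable from the Internet other than `want`."""
    found = []
    for proto in ("TCP", "UDP"):
        for port in range(1, 65536):
            action, name = internet_verdict(rules, proto, port)
            if action == "Allow" and (proto, port) != want:
                found.append((proto, port, name))
    return found

if __name__ == "__main__":
    print(internet_verdict([NEW_RULE], "TCP", 7777))
    print(unexpected_exposure([NEW_RULE, LEFTOVER]))
```

An empty list from `unexpected_exposure` means the modelled rule set admits Internet traffic on TCP 7777 and nothing else.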
All services or type 'network security groups' on the search bar > click your target NSG > on Settings, click 'Inbound security rules' > click + Add > Source: service tag, destination port: 7777, Protocol: TCP, Priority: 100, Name: <provide name>, and leave the rest as defaults > click Add
The question says traffic should be allowed from the Internet to subnet0. Using Destination "Any" will allow traffic to all subnets, which is a little over the requirement. Hence only the CIDR notation of subnet2 should be mentioned in the Destination of the inbound security rule.
Sign in to the Azure portal.
In the left-hand menu, click on “All services”.
In the “All services” box, type “Network Security Group”.
Click on the “Network Security Groups” item in the search results.
In the “Network security groups” window, find and click on the network security group that is associated with VNET1\subnet0.
In the settings menu of the selected network security group, click on “Inbound security rules”.
Click on the “+ Add” button to create a new inbound security rule.
In the “Add inbound security rule” window, fill in the following details:
Source: Any
Source port ranges: *
Destination: Any
Destination port ranges: 7777
Protocol: TCP
Action: Allow
Priority: Choose a value less than 65000. Lower numbers have higher priorities.
Name: Choose a name for this rule.
Click on the “Add” button to create the rule.
Think you misread the question. You do not need to restrict existing resources - you cannot create new resources. In other words, you must add a rule to the existing NSG.
upvoted 2 times