Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Box 2 is Correct! - No!
All of you guys saying that a Network Security Group (NSG) can be associated to a virtual network should be banned on taking this exam as you just misguide others. Please make some research before you decide to leave some worthless comment.
“You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.”
References: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Note: It clearly says it must be either a subnet (not a virtual network) or a NIC.
read here and answer from #140, nsg can be attached to virtual network.
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
The second option is NO
"You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose."
Source: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Thank you for posting this. It appears that yes you can filter traffic in/out of VNET but via subnet and NIC level with NSG. If you look at the source posted by @mentedis it states how it all works. The NSG is configured at subnet and NIC level.
Furthermore, I took the AWS exam which is similar concepts, and over there it is the same... you can create Security Groups (instance level) and NACL (subnet level) in a VPC. VPC is their version of VNET. both Security Groups and NACL act as firewalls much like NSG. So the 2nd point is NO. You cannot attach an NSG to VNET but you can protect the VNET via NSG by attaching it to NIC or Subnet.
You're absolutely incorrect.
it is YES YES YES
NSG can be attached to virtual network.
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
Associate or dissociate a network security group to or from a subnet or network interface
To associate a network security group to, or dissociate a network security group from a network interface, see Associate a network security group to, or dissociate a network security group from a network interface. To associate a network security group to, or dissociate a network security group from a subnet, see Change subnet settings.
the doc only mention you can attatch the nsg to a network interface or subnet.
Azure virtual networks deployed to the same Azure region or subscription are not connected by default. You have to configure virtual network peering to allow communication between different virtual networks. Virtual networks deployed to the same resource group must have unique names.
Haha "All of you guys saying that a Network Security Group (NSG) can be associated to a virtual network should be banned on taking this exam". Great approach, ban everyone who gets a question wrong
should be all Yes. You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
ANS: Y Y Y
Yes, you can associate a Network Security Group (NSG) to a Virtual Network (VNet) in Azure. Here are the steps to do it:
Create an NSG if you haven’t already1.
Open the NSG and select “Subnets” from the left navigation2.
Click on the “Associate” button2.
A new panel will open on the right side2.
On the new panel, select the virtual network and the subnet inside that network that you want to associate the NSG to2.
Please note that you can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine3. The same network security group can be associated with as many subnets and network interface.
YNY.
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
"You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose."
Based on ChatGPT:
he Azure Native Virtual Network (VNet) does not support directly associating Network Security Groups (NSGs) with the entire VNet. However, you can associate NSGs with individual subnets within the VNet to control network traffic at the subnet level. This way, you can effectively apply NSGs to a Virtual Network indirectly by configuring NSGs for its subnets.
correct answer is YNY
Network Security Group (NSG) in Azure will block all network traffic by default.
When you create a new NSG, there are no inbound or outbound security rules defined. This means that all inbound and outbound traffic to/from resources associated with the NSG is blocked.
To allow traffic to flow, you need to create inbound and/or outbound security rules explicitly in the NSG. These rules define the type of traffic (such as TCP or UDP), the source and destination IP addresses and ports, and the action (allow or deny).
It's important to note that NSGs are applied to subnets or network interfaces, not individual virtual machines. This means that all virtual machines associated with a subnet or network interface will be subject to the same NSG rules.
Also, keep in mind that NSGs are stateful, which means that if you create an inbound security rule to allow traffic, the return traffic will be allowed automatically. You don't need to create a separate outbound security rule to allow the return traffic.
https://learn.microsoft.com/en-us/azure/virtual-network/media/network-security-group-how-it-works/network-security-group-interaction.png No is correct for 2nd option
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.Answer is YYS
YNY is the answer.
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
You can deploy resources from several Azure services into an Azure virtual network. For a complete list, see Services that can be deployed into a virtual network. You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
You can only attache NSG to subnet or Network interface.
" You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose."
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
some comments are missing The logic here. Assigning NSG to vnet cannot be done without specifying a subnet. Yes you will need to select a VNET but then you need to select a subnet. I am saying logic is missing here because eventually if you have two subnets in one VNET, attaching NSG will be done to only one of them, not to both (incase you are thinking of assigning the NSG to VNET) . The mentioned answer is correct YNY
All three are yes.
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
hercu
Highly Voted 3 years, 2 months agoricerocket
3 years ago[Removed]
2 years, 11 months ago[Removed]
2 years, 1 month ago[Removed]
2 years, 1 month agoTexTheDog
3 years agoSaravana12g
2 years, 11 months agorajkfx1
2 years, 9 months agokucho
2 years, 7 months agosandeepck
2 years, 10 months agodnscloud02
1 year, 3 months agotheManFromRoom5
2 years, 2 months ago[Removed]
Highly Voted 3 years, 2 months agoakepati88
Most Recent 2 weeks agoSaranpriya
4 months, 1 week agoWablo
7 months, 1 week agoSAFM
7 months, 2 weeks agoFabian2222
9 months, 3 weeks agospeedyweedy
1 year agob_script
1 year, 1 month agob_script
1 year, 1 month agoBharathpace
1 year, 1 month agoSean_n3
1 year, 2 months agoBenzitho
1 year, 3 months agozellck
1 year, 4 months agoTh3Gh05T
1 year, 9 months agomadcloud
1 year, 10 months agoTiltedPlanet
1 year, 10 months ago