ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 1 question 74 discussion

Actual exam question from Microsoft's AZ-303
Question #: 74
Topic #: 1
[All AZ-303 Questions]

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 contains 50 virtual machines. Twenty-five of the virtual machines are web servers and the other 25 are application servers.
You need to filter traffic between the web servers and the application servers by using application security groups.
Which additional resource should you provision?

  • A. Azure Firewall
  • B. a user-defined route
  • C. Azure Private Link
  • D. a network security group (NSG)
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups.
You can filter network traffic inbound to and outbound from a virtual network subnet with a network security group.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic
by TSMRE at June 2, 2021, 3:27 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nfett
Highly Voted 4 years, 1 month ago
also referring to https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups the answer is correct.
upvoted 13 times
...
TSMRE
Highly Voted 4 years, 1 month ago
On exam 6/7/21, given answer correct
upvoted 7 times
...
justfordevelopment
Most Recent 3 years, 4 months ago
In the exam on 12-03-2022. Total 50 questions including case study. "Litware Acquired Fabricam" case study.
upvoted 1 times
...
moon2351
3 years, 5 months ago
Answer is D
upvoted 1 times
...
Ansh27feb
3 years, 6 months ago
Selected Answer: D
Ans is Corret
upvoted 1 times
...
edmacoar123
3 years, 8 months ago
On exam today 19/11/21. Correct answer. Score 860.
upvoted 4 times
...
syu31svc
3 years, 11 months ago
Azure Firewall – This used to centrally create and enforce the network connectivity policies across subscriptions. a user-defined route – This is used to route network traffic. Azure Private Link – This provides private connectivity between Azure services and virtual network. Answer is D for NSG
upvoted 4 times
...
MinhajR
3 years, 11 months ago
On Exam 27/08/2021
upvoted 3 times
...
tita_tovenaar
4 years ago
Answer should be A. Some references below seem to confirm the given answer D, but point at application security group docs. Answer D is not an ASG, but a NSG. Since NSGs don't filter within subnets, they need to be provided per VM. The question asks which resource (singular), so NSGs are not the answer. I concur with some other suggestions below that a Firewall is the only viable option -if splitting in 2 subnets or 50 NSGs or ASGs are no alternatives.
upvoted 3 times
tita_tovenaar
4 years ago
sorry, did't read the article good enough and my comment above is wrong. Answer should be D as proposed, since many application security groups can operate within one subnet and one NSG. Confirmed D.
upvoted 7 times
...
17Master
3 years, 7 months ago
"D" is correct. https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic Create security rules that allows ports 80 and 443 to the myAsgWebServers application security group.
upvoted 2 times
...
...
eliteone11
4 years ago
NSG does not filter traffic within the same subnet. You can inspect traffic within the same subnet by creating a UDR pointing all traffic to the subnet with next hop type "Virtual Appliance" and setting the IP address to a virtual FW appliance (in this case Azure FW). So not sure if they want the answer to be UDR or Azure Firewall....
upvoted 1 times
tita_tovenaar
4 years ago
agree with you, see my separate comment
upvoted 1 times
...
...
rdemontis
4 years ago
Correct
upvoted 1 times
...
az_architect
4 years ago
All the 50 VMs are in the same SubNet. NSG filters traffic in/out of a SubNet not within the SubNet. Can anybody clarifies why the selected answer is correct?
upvoted 1 times
medi01
3 years, 11 months ago
NSG's can contain multiple security groups and rules on those could be defined independently
upvoted 1 times
...
...
betamode
4 years, 2 months ago
For details - https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups
upvoted 4 times
...
betamode
4 years, 2 months ago
Correct
upvoted 2 times
...
TSMRE
4 years, 2 months ago
Correct :)
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel