ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-900 All Questions

View all questions & answers for the AZ-900 exam
Go to Exam

Exam AZ-900 topic 1 question 229 discussion

Actual exam question from Microsoft's AZ-900
Question #: 229
Topic #: 1
[All AZ-900 Questions]

Which resources can be used as a source for a Network security group inbound security rule?

  • A. Service Tags only
  • B. IP Addresses, Service tags and Application security groups
  • C. Application security groups only
  • D. IP Addresses only
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Source or destination:
Any, or an individual IP address, classless inter-domain routing (CIDR) block (10.0.0.0/24, for example), service tag, or application security group.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
by TTAKU at Oct. 2, 2021, 5:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TTAKU
Highly Voted 3 years, 7 months ago
Correct Answer: Network security groups are processed after Azure translates a public IP address to a private IP address for inbound traffic, and before Azure translates a private IP address to a public IP address for outbound traffic. . Specifying a range, a service tag, or application security group, enables you to create fewer security rules. https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#security-rules
upvoted 27 times
...
atilla
Highly Voted 3 years, 3 months ago
I am also studying for az104,
upvoted 10 times
DAN_17
3 years, 1 month ago
bravoooo
upvoted 8 times
...
SAFM
1 year, 7 months ago
I agree, and I'm confused coz I did not really go so much in-depth to prepare for AZ-90... are we screwed up for the exam?
upvoted 1 times
...
...
vombat186
Most Recent 2 months ago
Selected Answer: D
I think the only suitable answer here is D - IP addresses ONLY. I am literally looking at NSG config in Azure portal right now. You can only specify IP address and port as either source or destination. Service Tags and app groups are Firewall features, not NSG features
upvoted 1 times
...
Shruti2024
8 months, 2 weeks ago
KEYWORD --> ONLY
upvoted 2 times
...
NoursBear
9 months, 1 week ago
I think it’s D and the question seems to have been misunderstood by most
upvoted 1 times
NoursBear
7 months, 4 weeks ago
oh yeah B mixed this with something else
upvoted 1 times
...
...
zellck
2 years, 3 months ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#security-rules - Source or destination Any, or an individual IP address, classless inter-domain routing (CIDR) block (10.0.0.0/24, for example), service tag, or application security group.
upvoted 1 times
zellck
2 years, 3 months ago
You can use IP addresses, service tags, and application security groups as sources for inbound security rules in a Network Security Group (NSG) in Azure. IP addresses can be specified as a single IP address, a range of addresses, or using CIDR notation. Service tags are predefined sets of Azure services that can be used as sources for security rules, such as "AzureCloud" or "AzureActiveDirectory". Application security groups allow you to group virtual machines together and use the group as a source for security rules.
upvoted 1 times
...
...
akp1000
3 years, 3 months ago
Selected Answer: B
Correct answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago