ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 4 question 85 discussion

Actual exam question from Microsoft's AZ-500
Question #: 85
Topic #: 4
[All AZ-500 Questions]

You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.



You create the Azure policy shown in the following exhibit.



You assign the policy to RG1.

What will occur if you assign the policy to NSG1 and NSG2?

  • A. Flow logs will be enabled for NSG2 only.
  • B. Flow logs will be disabled for NSG1 and NSG2.
  • C. Flow logs will be enabled for NSG1 and NSG2.
  • D. Flow logs will be enabled for NSG1 only.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by qerem at Jan. 9, 2023, 5:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Nick66
Highly Voted 2 years, 6 months ago
Selected Answer: B
This is an audit policy with an exception for NSG1. Since Networrk Flow Log is disabled on NSG1 and NSG2 it remains disabled. You need DeployIfNotExists effect to activate NFL. https://azure.microsoft.com/en-us/updates/nsg-flow-logs-built-in-azure-policy/ We are launching two built-in policies for deploying NSG Flow Logs • An Audit policy: Flag NSGs without Flow logs enabled • A DeployIfNotExists policy: Enable Flow logs on NSGs where it is disabled Get started with our tutorial for using the above policies.
upvoted 12 times
...
fonte
Highly Voted 2 years, 6 months ago
Selected Answer: B
I think it should be B since it's an audit policy
upvoted 8 times
...
KindFlame
Most Recent 4 months, 1 week ago
Selected Answer: B
Wording the option as "Flow logs remains disabled for NSG1 and NSG2" or "Flow logs status unchanged for NSG1 and NSG2" would be a lot better.
upvoted 1 times
...
xRiot007
1 year ago
Answer is B - flow logs will continue to be disabled for both NSG1. Reason: policy mode is Audit and even if it would be something else, there is no remediation task. The policy does nothing by itself.
upvoted 3 times
...
AzureAdventure
1 year, 10 months ago
Policy definition : Flow logs should be enabled for every network security group Both flow logs status are "Off" Therefore "B"
upvoted 1 times
...
zellck
2 years, 3 months ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects#audit Audit is used to create a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request.
upvoted 3 times
...
rudyydmitrij
2 years, 3 months ago
The correct answer is A just because of English :D "B" states that flows "Will be disabled" for NSG1 - but they ARE disabled, they will not BE disabled. So the provided answer is correct.
upvoted 2 times
pentium75
1 year ago
"They will be disabled" can mean "they will be in disabled state", this does not imply that they were enabled before. A is clearly wrong because logs will NOT be enabled for NSG2.
upvoted 1 times
...
...
majstor86
2 years, 5 months ago
Selected Answer: B
B. Flow logs will be disabled for NSG1 and NSG2.
upvoted 4 times
...
AzureJobsTillRetire
2 years, 6 months ago
Selected Answer: B
The wording is confusing. The actual effect is that flow logs status will remain off for NSG1 and NSG2
upvoted 6 times
...
qerem
2 years, 6 months ago
I think the correct answer is "B" , because the effect of the policy is "Audit"
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel