AZ-303 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-303 Exam - Question 176

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You create a resource lock, and then you assign the lock to the subscription.

Does this meet the goal?

Show Answer
Correct Answer: B

A resource lock in Azure is designed to prevent accidental deletion or modification of resources, not to enforce specific security rules or configurations such as blocking a specific TCP port. Therefore, creating a resource lock will not achieve the goal of automatically blocking TCP port 8080 between the virtual networks. The correct approach would involve using an Azure Policy that enforces the desired network security group rules.

Discussion

5 comments
Sign in to comment
nbaset
Jan 25, 2021

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. 1) Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.Does this meet the goal? No 2) Solution: You assign a built-in policy definition to the subscription. Does this meet the goal? No 3) Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal? No 4) Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Does this meet the goal? Yes

QiangQiang
May 2, 2021

thank you very much

rdemontis
Jul 16, 2021

thanks a lot!

Justin0020
Sep 21, 2021

Thank you!

Kraviecc
Jan 16, 2021

Correct

AAPaul
Jul 15, 2021

I had this question on the exam that i took on July 14th 2021

SaurabhSahu27
Jul 3, 2021

Thanks nbaset for the complete set!

syu31svc
Aug 28, 2021

Resource lock is used to avoid accidental deletion of Azure resources so answer is No