Exam AZ-104 All QuestionsBrowse all questions from this exam
Go to Exam
Question 399

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

Does this meet the goal?

    Correct Answer: B

    A custom policy definition in Azure Policy is primarily used to enforce organizational standards and assess compliance at-scale. However, it does not directly configure or manage network security groups (NSGs) to apply specific security rules. To ensure that a new NSG automatically blocks TCP port 8080, you need to create and apply an NSG rule directly, not through a policy definition. Therefore, configuring a custom policy definition and assigning it to the subscription would not meet the goal of automatically blocking TCP port 8080 between the virtual networks.

Discussion
mlantonisOption: A

Correct Answer: A - Yes You need to use a custom policy definition, because there is not a built-in policy. Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources. Reference: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies

tutaOption: A

given answer is correct

JayLearn2022Option: A

There are several versions of this question. The following are the correct and incorrect answers that can be presented. Correct Answer: Meets the goal. -Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Incorrect Answers: Does not meet the goal. -Solution: You create a resource lock, and then you assign the lock to the subscription. -Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider -Solution: You assign a built-in policy definition to the subscription.

ZUMYOption: A

A is correct!

AubinBakana

I sure won't forget this one, ha!

toniivOption: A

Answer A. is correct. Custom policy is the key

TheOne1Option: A

Correct

Hibs2016Option: A

Answer is correct

majerlyOption: A

Today in exam , is A

EmnCoursOption: A

Correct Answer: A You need to use a custom policy definition, because there is not a built-in policy

ajayasaOption: A

this question was there on 16/03/2022 with same question and passed with 900 percent

blejzer2Option: A

Today in exam , answer: A -YES

favelaOption: A

Yes custom policy not built

G_unit_19Option: A

A is the correct answer