AZ-104 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-104 Exam - Question 399

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

Does this meet the goal?

Show Answer
Correct Answer: AB

A custom policy definition in Azure Policy is primarily used to enforce organizational standards and assess compliance at-scale. However, it does not directly configure or manage network security groups (NSGs) to apply specific security rules. To ensure that a new NSG automatically blocks TCP port 8080, you need to create and apply an NSG rule directly, not through a policy definition. Therefore, configuring a custom policy definition and assigning it to the subscription would not meet the goal of automatically blocking TCP port 8080 between the virtual networks.

Discussion

14 comments
Sign in to comment
mlantonisOption: A
May 18, 2021

Correct Answer: A - Yes You need to use a custom policy definition, because there is not a built-in policy. Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources. Reference: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies

tutaOption: A
Dec 5, 2020

given answer is correct

JayLearn2022Option: A
Feb 17, 2023

There are several versions of this question. The following are the correct and incorrect answers that can be presented. Correct Answer: Meets the goal. -Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Incorrect Answers: Does not meet the goal. -Solution: You create a resource lock, and then you assign the lock to the subscription. -Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider -Solution: You assign a built-in policy definition to the subscription.

ZUMYOption: A
Mar 4, 2021

A is correct!

AubinBakana
Aug 30, 2021

I sure won't forget this one, ha!

toniivOption: A
Feb 18, 2021

Answer A. is correct. Custom policy is the key

Hibs2016Option: A
Dec 6, 2020

Answer is correct

TheOne1Option: A
Feb 10, 2021

Correct

ajayasaOption: A
Mar 16, 2022

this question was there on 16/03/2022 with same question and passed with 900 percent

EmnCoursOption: A
Aug 26, 2022

Correct Answer: A You need to use a custom policy definition, because there is not a built-in policy

majerlyOption: A
Sep 30, 2022

Today in exam , is A

G_unit_19Option: A
Feb 21, 2022

A is the correct answer

favelaOption: A
Sep 7, 2022

Yes custom policy not built

blejzer2Option: A
Jul 17, 2024

Today in exam , answer: A -YES