HOTSPOT -
You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
VM1: Yes. NSG2 applies to VM1 and this allows inbound traffic on port 80.
VM2: No. NSG2 and NSG1 apply to VM2. NSG2 allows the inbound traffic on port 80 but NSG1 does not allow it.
VM3: Yes. There are no NSGs applying to VM3 so all ports will be open.
Answers correct! Y, N, Y
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works For anyone who doesn't understand how multiple NSGs work, this explains it perfectly. Answers are correct.
It's YNN. The default inbound rule does not allow traffic from the Internet. You guys are confusing this with the default outbound rule, which does allow all traffic to the Internet.
Well, actually it is dependent on the public IP SKU: Basic allows everything by default while Standard blocks everything by default.
You are correct. By default nothing from the Internet is allowed if there is no NSG. Tested in lab by disassociating the NSG from the VM NIC and it stopped connectivity.
There is not before nsg in the condition of question: All virtual machines have public IP addresses and the Web Server (IIS) role installed. The firewalls for each virtual machine allow ping requests and web requests.
Gotten this in May 2023 exam.
YES NO YES
Y N N. Reg. 3: All network traffic is blocked through a subnet and network interface if they don't have a network security group associated with them.
Agree on YNN, unless MS's example on this page is incorrect for VM4 Inbound, where traffic is blocked: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
This is wrong information. If your VM has a public IP and no NSG associated, all traffic from the internet is allowed. https://learn.microsoft.com/en-us/azure/virtual-network/diagnose-network-traffic-filter-problem
There is a slight detail about that. Without an NSG all internal traffic is allowed. About traffic coming from the Internet, you have two cases:
-> If you are using a Basic SKU Public IP, then the IN/OUT public traffic is allowed by default without an NSG on the NIC/Subnet.
-> If you are using a Standard SKU Public IP, then the IN/OUT public traffic is NOT allowed by default and you need to create an NSG.
As the question on that exam seems pretty old and there is no precision about the Public IP SKU (Basic or Standard), we can assume that it is YNY. But assuming the SKU is Standard, the answer would be YNN. https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#sku
Whatever, in September 2025, the Basic SKU will disappear. At that time, the answer will be definitively YNN if the exam content is updated & the exam still exists on MS side :)
Answers are correct : Y, N, Y
Passed. Exam duration 100 min + 20. On the Microsoft site: https://learn.microsoft.com/en-us/credentials/certifications/azure-security-engineer/?practice-assessment-type=certification "You will have 100 minutes to complete this assessment. Last Updated 04/30/2024". 55 questions (46+9); contoso, 6 questions. This question in exam (study case). My answer: Y N Y. New: 3 or 4 questions. VM1, SQL1, VNET1, AKS in Google Cloud. What items are protected by Microsoft Defender & default period scan.
In exam 1/28/24
Answer is correct: YNY.
2nd: The problem is that NSG1 is the last resolved NSG in the NSG order where NSG2 is resolved before which allows the connection through. Then comes NSG1 which has NSG1 and the traffic denies.
3rd: No NSG == access allowed.
In exam 20/07/2024
How is NSG1 applicable to VM2?
NSG1 is attached to VM1's NIC only
VM1 and VM2 are connected to the same NIC and subnet. You connect to VM1 from the Internet, yes, I got it. But why NO when you connect to VM2 from the Internet? The same case but different results. Is there anyone who can write an explanation?
VM1 associated to subnet11 => NIC2
VM2 associated to subnet11 => NIC2
NIC2 inbound rule says 80 / TCP (Source = Internet, destination = VirtualNetwork)
Why is it different, where connection requests are coming from the Internet?
The problem is that NSG1 is the last resolved NSG in the NSG order where NSG2 is resolved before which allows the connection through. Then comes NSG1 which has NSG1 and the traffic denies.
In exam Oct. 31st
Y, N, Y Given answer is correct.
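The disagreement in this thread turns on two things: how Azure combines a subnet-level NSG with a NIC-level NSG, and what happens when no NSG is associated at all. The Python model below is an added illustration, not part of the original thread; the rule sets and names are constructed because the question's exhibit is not on this page, and the no-NSG branch follows the Basic/Standard public IP SKU behaviour described in the comments.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    priority: int          # lower number is evaluated first
    port: Optional[int]    # None matches any destination port
    source: str            # "Internet", "VirtualNetwork", "AzureLoadBalancer" or "*"
    allow: bool

# Built-in inbound rules that every NSG carries.
DEFAULT_INBOUND = [
    Rule(65000, None, "VirtualNetwork", True),     # AllowVnetInBound
    Rule(65001, None, "AzureLoadBalancer", True),  # AllowAzureLoadBalancerInBound
    Rule(65500, None, "*", False),                 # DenyAllInBound
]

def nsg_allows(custom_rules, source, port):
    """Within one NSG the first matching rule, by priority, decides."""
    for rule in sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.source in ("*", source) and rule.port in (None, port):
            return rule.allow
    return False

def inbound_allowed(subnet_nsg, nic_nsg, source, port, public_ip_sku="Basic"):
    """Inbound traffic hits the subnet NSG first, then the NIC NSG; both must allow.
    Pass None for a level that has no NSG associated."""
    nsgs = [n for n in (subnet_nsg, nic_nsg) if n is not None]
    if not nsgs:
        # No NSG at either level: Internet traffic depends on the public IP SKU
        # (Basic is open by default, Standard is closed until an NSG allows it).
        return source != "Internet" or public_ip_sku == "Basic"
    return all(nsg_allows(n, source, port) for n in nsgs)

# Constructed rule sets (hypothetical; the exam exhibit is not on this page).
ALLOW_HTTP = [Rule(100, 80, "Internet", True)]
DEFAULTS_ONLY = []  # an NSG with no custom rules still has DEFAULT_INBOUND

def scenarios():
    return {
        "one NSG allowing 80": inbound_allowed(None, ALLOW_HTTP, "Internet", 80),
        "allow at one level, defaults only at the other":
            inbound_allowed(ALLOW_HTTP, DEFAULTS_ONLY, "Internet", 80),
        "no NSG, Basic SKU": inbound_allowed(None, None, "Internet", 80, "Basic"),
        "no NSG, Standard SKU": inbound_allowed(None, None, "Internet", 80, "Standard"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {'allowed' if result else 'blocked'}")
```

The second scenario is the VM2 case argued above: an allow rule at one level does not help when the other level's NSG falls through to DenyAllInBound.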