
AZ-500 Exam - Question 474


HOTSPOT -

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: No. VM4 is in Subnet13 which has NSG3 attached to it.

VM1 is in ASG1. NSG3 would only allow ICMP pings from ASG2 but not ASG1. Only TCP traffic is allowed from ASG1.

NSG3 has the inbound security rules shown in the following table.

Box 2: Yes.

VM2 is in ASG2. Any protocol is allowed from ASG2 so ICMP ping would be allowed.

Box 3: VM1 is in ASG1. TCP traffic is allowed from ASG1, so VM1 could connect to the web server, as connections to the web server would be on ports TCP 80 or TCP 443.
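The evaluation behind these three answers, as an added example that is not part of the original page: a small first-match evaluator for NSG inbound rules. The rule set is reconstructed from the explanation and the discussion; the lowercase rule names and the priorities 100 and 110 are assumptions, and ports are left out because the rules described are not port-specific.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    name: str       # constructed label, not taken from the exam table
    source: str     # an ASG name, "VirtualNetwork", or "*" for any source
    protocol: str   # "TCP", "UDP", "ICMP", or "*" for Any
    access: str     # "Allow" or "Deny"

# ASG membership of the two source VMs, as stated in the answer explanation.
ASG_OF = {"VM1": "ASG1", "VM2": "ASG2"}

# Inbound rules in front of VM4, reconstructed from the explanation and comments.
# Priorities 100 and 110 are assumed; 200 and 65000 are the values commenters cite.
NSG3_INBOUND = [
    Rule(100, "allow-tcp-from-asg1", "ASG1", "TCP", "Allow"),
    Rule(110, "allow-any-from-asg2", "ASG2", "*", "Allow"),
    Rule(200, "deny-all", "*", "*", "Deny"),
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
]

def evaluate(rules, src_vm, protocol):
    """Return (access, rule name) of the first rule, by priority, that matches."""
    for rule in sorted(rules, key=lambda r: r.priority):
        # Every VM in this example is inside the virtual network.
        source_ok = rule.source in ("*", "VirtualNetwork", ASG_OF.get(src_vm))
        # The protocol must match unless the rule says Any: ICMP never matches TCP.
        protocol_ok = rule.protocol in ("*", protocol)
        if source_ok and protocol_ok:
            return rule.access, rule.name
    return "Deny", "implicit-deny"  # stands in for the default DenyAllInBound rule

if __name__ == "__main__":
    for vm, proto in [("VM1", "ICMP"), ("VM2", "ICMP"), ("VM1", "TCP")]:
        print(vm, proto, "->", evaluate(NSG3_INBOUND, vm, proto))
    # Without the priority-200 deny, the default rule 65000 would let the ping through.
    without_deny = [r for r in NSG3_INBOUND if r.priority != 200]
    print("no rule 200:", evaluate(without_deny, "VM1", "ICMP"))
```

The last call shows why the priority-200 rule matters: once it is removed, the default rule 65000 is the first match for VM1's ICMP traffic and the ping is allowed.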

Discussion

17 comments
barchetta
Feb 10, 2020

q1: don't forget ping is not tcp.. I know better but forgot.

swip
Apr 17, 2020

lol, I was about to kick off, until I read your comment. Face palmed myself and thought I'm an idiot, I also know better

Stuudent
Nov 26, 2020

Well excuse me...: Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) echo Request messages. The receipt of corresponding echo Reply messages are displayed, along with round-trip times. ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. Used without parameters, this command displays Help content. and This command is available only if the Internet Protocol (TCP/IP) is installed as a component in the properties of a network adapter in Network Connections. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ping sounds to me like icmp is operating within TCP and therefore the answer to Q1 should be YES in my opinion.

gills
Nov 28, 2020

ICMP is a network-layer protocol. There is no TCP or UDP port number associated with ICMP packets as these numbers are associated with the transport layer above. So comparing to HTTP, which has a port 80 or 443, therefore the underlying protocol tcp is mapped to that protocol as well. ICMP is different. SS

ckochhar
Jan 27, 2021

No, ICMP itself is a protocol just like TCP, UDP. Don't confuse them with ports, hence it does not fall under TCP.

rawrkadia
Aug 11, 2021

Test this in Azure and you'll see that it's wrong. Allow TCP does not allow ICMP (or UDP), the NSG rules are protocol specific and ICMP is its own protocol.

AAAAAks
Feb 18, 2023

Missed that there is a rule with 200 priority which will not allow any communication. Ignore my query above.

asdf12345a
Feb 28, 2021

Answer is correct - No, Yes, Yes. You cannot ping the private address of VM4. VM4 is in ASG1 connected to Subnet13 that is associated with NSG3. NSG3 only allows TCP from ASG1 and ICMP is not TCP, therefore the answer is no. From VM2, you can ping the private IP address of VM4 as NSG3 allows inbound connections on any protocol from ASG2. From VM1, you can connect to the web server on VM4 as NSG3 allows all TCP connections from ASG1 to ASG1, and both VM1 and VM4 are in ASG1.

koreshio
Oct 20, 2022

N, Y, Y
1 = N, because only TCP is allowed from ASG1, not icmp
2 = Y, because ASG2 is allowed any inbound
3 = Y, because tcp is allowed as explained for 1.

somenick
Oct 21, 2022

Item 3: This is true in case connection to Web server is done on the private IP. Otherwise it is NO - packets from Internet are dropped.

majstor86
Mar 4, 2023

NO YES YES

Ivan80
Jan 30, 2024

In exam 1/28/24

Diallo18
Oct 18, 2022

In Exam 10/18/2022. One case study(6 ques), no lab.

TheProfessor
Oct 9, 2023

Answers are correct. TCP and ICMP are NOT the same.

azure_2563
Oct 19, 2023

ANSWER: NO- PROTOCOL IS TCP that is why YES YES

lahl
Nov 1, 2022

in exam oct. 31st.

AAAAAks
Feb 18, 2023

Q1: Rule 65000 allowing any protocol within virtual network and should allow PING as well from VM1 to VM4

zellck
May 10, 2023

Gotten this in May 2023 exam.

liorh
Jun 5, 2023

so what is the correct answer? NYY?

AzureAdventure
Sep 23, 2023

ICMP ping example => ping google.com

AzureAdventure
Sep 23, 2023

Tips : "You can connect" means via protocol(TCP) - communication with acknowledge flags etc. "Ping" is not TCP protocol. This is ICMP (Internet Control Message Protocol) - Just control :)

_punky_
Oct 17, 2023

answer is correct

RemmyT
May 7, 2024

Passed. Exam duration 100 min + 20. On the Microsoft site: https://learn.microsoft.com/en-us/credentials/certifications/azure-security-engineer/?practice-assessment-type=certification You will have 100 minutes to complete this assessment. Last Updated 04/30/2024 55 questions (46+9) contoso, 6 questions This question in exam (study case) My answer N Y N New 3 or 4 questions VM1, SQL1, VNET1, AKS in Google Cloud. What items are protected by Microsoft Defender & default period scan.

RemmyT
May 7, 2024

Sorry: N Y Y

dc864d4
May 27, 2024

Sorry: Pings use a different protocol than TCP NYN.... goodbye

saira23
Jul 20, 2024

In Exam 20/07/2024