Exam AZ-104
Question 396

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You assign a built-in policy definition to the subscription.

Does this meet the goal?

    Correct Answer: B

    To ensure that any newly created network security group (NSG) automatically blocks TCP port 8080 between virtual networks, one would need a specific policy addressing this particular rule. Azure's built-in policy definitions might not cover this exact requirement. Therefore, creating a custom policy definition specifying the block on TCP port 8080 is necessary. Built-in policies cover more general scenarios and may not include every specific custom rule needed. Thus, simply assigning a built-in policy definition to the subscription is insufficient to meet the stated goal.
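Why a rule has to be added to every new NSG, as an added example that is not part of the original question or answer: a new NSG carries only Azure's default inbound rules, and the first matching rule by lowest priority number decides the flow. The `DENY_8080` rule name and its priority of 100 are hypothetical, and flows are described by service tag rather than by IP address to keep the model small.

```python
# Added example: first-match NSG evaluation (lowest priority number wins).
# Default inbound rules present in every new NSG (Azure's names and priorities).
DEFAULT_INBOUND = [
    {"name": "AllowVNetInBound", "priority": 65000, "protocol": "*",
     "source": "VirtualNetwork", "destination": "VirtualNetwork",
     "ports": "0-65535", "access": "Allow"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "protocol": "*",
     "source": "AzureLoadBalancer", "destination": "*",
     "ports": "0-65535", "access": "Allow"},
    {"name": "DenyAllInBound", "priority": 65500, "protocol": "*",
     "source": "*", "destination": "*", "ports": "0-65535", "access": "Deny"},
]

# Hypothetical rule that a custom policy would have to add to each new NSG.
DENY_8080 = {"name": "Deny-VNet-TCP-8080", "priority": 100, "protocol": "Tcp",
             "source": "VirtualNetwork", "destination": "VirtualNetwork",
             "ports": "8080", "access": "Deny"}


def _port_match(spec, port):
    """Match '*', a single port, a range 'a-b', or a comma-separated mix."""
    for part in str(spec).split(","):
        part = part.strip()
        if part == "*":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _field_match(rule_value, value):
    """'*' matches anything; otherwise compare tags/protocols case-insensitively."""
    return rule_value == "*" or rule_value.lower() == value.lower()


def evaluate(custom_rules, protocol, source, destination, port):
    """Return (access, rule name) of the first rule matching the inbound flow."""
    rules = sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r["priority"])
    for rule in rules:
        if (_field_match(rule["protocol"], protocol)
                and _field_match(rule["source"], source)
                and _field_match(rule["destination"], destination)
                and _port_match(rule["ports"], port)):
            return rule["access"], rule["name"]
    return "Deny", None  # not reached while DenyAllInBound is present
```

With no custom rules, TCP 8080 between `VirtualNetwork` endpoints is decided by `AllowVNetInBound`; only once the deny rule is present does the NSG block it, while other ports and protocols still fall through to the default.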

Discussion
STH Option: B

there is no such built-in policy (yet), that is why we need a custom one

DodgyD

Not sure what you are referring to... There are many Built-in Policy Definitions for you to choose from. Sorting by Category will help you locate what you need. https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies I'd say ans: B, too - as a custom policy would be required for specific ports.

d0bermannn

agreed, if there is no device drivers [for winmodem for example], write it yourself [true unixway] ))

I

I cannot agree with you more!

ScreamingHand

Exactly. I will memorise ALL of the built-in policies to ensure I am well prepared for the MS exam.

MrMacro

lol... too funny.

Lazylinux

I can lend U the Blue Book Bill Gates gave me, it contains Summary bullet points style of All MS Technologies

urbanmonk

lol, We need this kind of humor here because iterating over these questions is no child's play

Indy429

My god these trick questions everywhere. It's more about comprehensive reading and paying attention to silly details rather than focusing on actual solutions on these exam questions. Ridiculous.

mlantonis Option: B

Correct Answer: B - No. You need to use a custom policy definition, because there is not a built-in policy. Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources. Reference: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies

oooMooo Option: B

You need to use a custom policy definition.

majerly Option: B

Today in exam, is B

favela Option: B

Answer is B. Passed today, score 900.

AubinBakana Option: A

I would have answered A here. Thank heavens I have spent time going through these. So there's no such a built-in role huh?! :)

Sharathjogi

Me too...

toniiv Option: B

Answer B is correct. You need to create a custom policy.

ZUMY Option: B

Sorry, ignore previous. No is the answer. When an NSG is created, the default NSG rule will NOT permit any traffic between 2 different VNETs, unless you peer the networks or create a VPN gateway.

janshal Option: A

Again, when an NSG is created, the default NSG rule will NOT permit any traffic between 2 different VNETs. So I think that the answer to all Q in this series is YES. Unless you peer the networks or create a VPN gateway between them, they will NOT be able to talk to each other.

Laurent_Byanjira

AllowVNetInBound
Priority: 65000; Source: VirtualNetwork; Source ports: 0-65535; Destination: VirtualNetwork; Destination ports: 0-65535; Protocol: Any; Access: Allow

I think you are not right. This default rule will allow Vnet to communicate by default.

EmnCours Option: B

there is no such built-in policy (yet), that is why we need a custom one

Lazylinux Option: B

I Luv Honey Because it is B. Nothing relates to the solution, no such thing in NSG.

ZUMY Option: B

No is correct! When an NSG is created, the default NSG rule will NOT permit any traffic between 2 different VNETs. So I think that the answer to all Q in this series is YES. Unless you peer the networks or create VPN gateway

blejzer2 Option: B

Today in exam, is B.

tashakori Option: B

No is right

EleChie Option: B

Correct Answer B: NO. We need to use a custom policy definition, because there is no such built-in policy.

Adebowale

Hello STH, Well done for the clarification