
AZ-104 Exam - Question 396


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You assign a built-in policy definition to the subscription.

Does this meet the goal?

Correct Answer: B

To ensure that any newly created network security group (NSG) automatically blocks TCP port 8080 between virtual networks, one would need a specific policy addressing this particular rule. Azure's built-in policy definitions might not cover this exact requirement. Therefore, creating a custom policy definition specifying the block on TCP port 8080 is necessary. Built-in policies cover more general scenarios and may not include every specific custom rule needed. Thus, simply assigning a built-in policy definition to the subscription is insufficient to meet the stated goal.

Discussion

16 comments
STH (Option: B)
Jul 14, 2020

there is no such built-in policy (yet), that is why we need a custom one

DodgyD
Jan 12, 2021

Not sure what you are referring to. There are many Built-in Policy Definitions for you to choose from. Sorting by Category will help you locate what you need. https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies I'd say ans: B, too - as a custom policy would be required for specific ports.

d0bermannn
Jul 10, 2021

agreed, if there is no device drivers [for winmodem for example], write it yourself [true unixway] ))

I
Feb 23, 2021

I cannot agree with you more!

ScreamingHand
Jun 10, 2021

Exactly. I will memorise ALL of the built-in policies to ensure I am well prepared for the MS exam.

MrMacro
Dec 15, 2021

lol... too funny.

Lazylinux
Jun 21, 2022

I can lend U the Blue Book Bill Gates gave me, it contains Summary bullet points style of All MS Technologies

urbanmonk
Oct 16, 2023

lol, We need this kind of humor here because iterating over these questions is no child's play

Indy429
Dec 21, 2023

My god these trick questions everywhere. It's more about comprehensive reading and paying attention to silly details rather than focusing on actual solutions on these exam questions. Ridiculous.

mlantonis (Option: B)
May 18, 2021

Correct Answer: B - No. You need to use a custom policy definition, because there is not a built-in policy. Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies

oooMooo (Option: B)
Dec 25, 2020

You need to use a custom policy definition.

favela (Option: B)
Sep 7, 2022

Answer is B, passed today, score 900

majerly (Option: B)
Sep 30, 2022

Today in exam, is B

toniiv (Option: B)
Feb 18, 2021

Answer B. is correct. You need to create a custom policy

AubinBakana (Option: A)
Aug 30, 2021

I would have answered A here. Thank heavens I have spent time going through these. So there's no such a built-in role huh?! :)

Sharathjogi
Jan 6, 2022

Me too...

janshal (Option: A)
Jan 12, 2021

Again, when NSG is created the default NSG rule will NOT permit any traffic between 2 different VNETs. So I think that the answer to all Q in this series is YES. Unless you peer the networks or create VPN gateway between them, they will NOT be able to talk to each other.

Laurent_Byanjira
Jan 21, 2021

AllowVNetInBound
Priority: 65000 | Source: VirtualNetwork | Source ports: 0-65535 | Destination: VirtualNetwork | Destination ports: 0-65535 | Protocol: Any | Access: Allow

I think you are not right. This default rule will allow Vnet to communicate by default
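
Added example, not part of the original thread or of any Microsoft code: a small Python model of NSG inbound rule evaluation (lowest priority number first, first match wins) using the default rules Azure adds to every NSG, including the AllowVNetInBound rule quoted above. The `DenyVNetTcp8080` rule, its priority of 100 and all function names are constructed for illustration; the model assumes the flow is already tagged VirtualNetwork on both ends, which in Azure depends on the networks being connected (for example by peering or a gateway).

```python
from dataclasses import dataclass

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    source: str        # service tag, or "*" for any
    destination: str   # service tag, or "*" for any
    ports: range       # destination port range
    protocol: str      # "Tcp", "Udp" or "*"
    access: str        # "Allow" or "Deny"

# Default inbound rules present in every NSG.
DEFAULT_INBOUND = [
    Rule("AllowVNetInBound", 65000, "VirtualNetwork", "VirtualNetwork", ANY_PORT, "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", ANY_PORT, "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", ANY_PORT, "*", "Deny"),
]

# Constructed rule: the deny that the scenario wants in every new NSG.
BLOCK_8080 = Rule("DenyVNetTcp8080", 100, "VirtualNetwork", "VirtualNetwork",
                  range(8080, 8081), "Tcp", "Deny")

def _match(field, value):
    """A rule field matches when it is the wildcard or equals the flow's value."""
    return field == "*" or field == value

def evaluate(custom_rules, source_tag, dest_tag, port, protocol):
    """Return (access, rule name) for the first rule that matches the flow."""
    for rule in sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (_match(rule.source, source_tag) and _match(rule.destination, dest_tag)
                and port in rule.ports and _match(rule.protocol, protocol)):
            return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")

if __name__ == "__main__":
    vnet_8080 = ("VirtualNetwork", "VirtualNetwork", 8080, "Tcp")
    print("defaults only:       ", evaluate([], *vnet_8080))
    print("with custom deny:    ", evaluate([BLOCK_8080], *vnet_8080))
    print("port 443, same NSG:  ", evaluate([BLOCK_8080], "VirtualNetwork", "VirtualNetwork", 443, "Tcp"))
    print("Internet source:     ", evaluate([], "Internet", "VirtualNetwork", 8080, "Tcp"))
```

With only the default rules, VirtualNetwork-tagged traffic on TCP 8080 is allowed by the priority 65000 rule, so blocking it requires an explicit deny rule at a lower priority number in each NSG.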

ZUMY (Option: B)
Mar 4, 2021

Sorry, ignore previous. No is answer. When NSG is created the default NSG rule will NOT permit any traffic between 2 different VNETs, unless you peer the networks or create VPN gateway.

ZUMY (Option: B)
Mar 4, 2021

No is correct! When NSG is created the default NSG rule will NOT permit any traffic between 2 different VNETs. So I think that the answer to all Q in this series is YES. Unless you peer the networks or create VPN gateway.

Lazylinux (Option: B)
Jun 21, 2022

I Luv Honey Because it is B. Nothing relates to the solution, no such thing in NSG.

EmnCours (Option: B)
Aug 26, 2022

there is no such built-in policy (yet), that is why we need a custom one

Adebowale
Aug 15, 2021

Hello STH, Well done for the clarification

EleChie (Option: B)
Jun 17, 2022

Correct Answer B: NO. We need to use a custom policy definition, because there is no such built-in policy.

tashakori (Option: B)
Mar 15, 2024

No is right

blejzer2 (Option: B)
Jul 17, 2024

Today in exam, is B.