Exam AZ-700 Topic 3 Question 1 Discussion

Actual exam question for Microsoft's AZ-700 exam
Question #: 1
Topic #: 3
Task 10
You plan to deploy several virtual machines to subnet1-2.
You need to prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.

Suggested Answer:

See the Explanation below for step by step instructions.
Explanation:
To prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, you can use a Network Security Group (NSG). This solution is straightforward and minimizes administrative effort.
Step-by-Step Solution
Step 1: Create a Network Security Group (NSG)
* Navigate to the Azure Portal.
* Search for "Network security groups" and select it.
* Click on "Create".
* Enter the following details:
  * Subscription: Select your subscription.
  * Resource Group: Select an existing resource group or create a new one.
  * Name: Enter a name for the NSG (e.g., NSG-Subnet1-2).
  * Region: Select the region where your virtual network is located.
* Click on "Review + create" and then "Create".
Step 2: Create an Inbound Security Rule
* Navigate to the newly created NSG.
* Select "Inbound security rules" from the left-hand menu.
* Click on "Add" to create a new rule.
* Enter the following details:
  * Source: Select Service Tag.
  * Source Service Tag: Select VirtualNetwork.
  * Source port ranges: Leave as *.
  * Destination: Select IP Addresses.
  * Destination IP addresses/CIDR ranges: Enter the IP range of subnet1-2 (e.g., 10.1.2.0/24).
  * Destination port ranges: Enter 5585.
  * Protocol: Select TCP.
  * Action: Select Deny.
  * Priority: Enter a priority value (e.g., 100).
  * Name: Enter a name for the rule (e.g., Deny-TCP-5585).
* Click on "Add" to create the rule.
Step 3: Associate the NSG with Subnet1-2
* Navigate to the virtual network that contains subnet1-2.
* Select "Subnets" from the left-hand menu.
* Select subnet1-2 from the list of subnets.
* Click on "Network security group".
* Select the NSG you created (NSG-Subnet1-2).
* Click on "Save".
Explanation:
* Network Security Group (NSG): NSGs are used to filter network traffic to and from Azure resources in an Azure virtual network. They contain security rules that allow or deny inbound and outbound traffic based on source and destination IP addresses, port, and protocol.
* Inbound Security Rule: By creating a rule that denies traffic on TCP port 5585 from any source outside of subnet1-2, you ensure that only hosts within subnet1-2 can connect to this port.
* Association with Subnet: Associating the NSG with subnet1-2 ensures that the security rules are applied to all resources within this subnet.
By following these steps, you can effectively prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, while minimizing administrative effort.

by Solomon at May 13, 2026, 01:55 AM
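
The rule evaluation behind Steps 2 and 3, as an added example that is not part of the original answer: a simplified model of NSG inbound processing (lowest priority number first, first match wins) run over constructed flows. The 10.1.0.0/16 VNet range, the host addresses and the `Allow-Intra-5585` rule are assumptions, and the VirtualNetwork tag is modelled as the VNet address space only.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan; the page only gives 10.1.2.0/24 as an example range.
VNET = ipaddress.ip_network("10.1.0.0/16")

@dataclass
class Rule:
    name: str
    priority: int
    source: str    # "VirtualNetwork", "*" or a CIDR
    dest: str
    port: str      # "*" or a single port
    protocol: str  # "Tcp" or "*"
    action: str

def _match(spec, ip):
    if spec == "*":
        return True
    # Simplification: the VirtualNetwork tag is treated as the VNet address space only.
    net = VNET if spec == "VirtualNetwork" else ipaddress.ip_network(spec)
    return ipaddress.ip_address(ip) in net

def evaluate(rules, src, dst, port, protocol="Tcp"):
    """Return (action, rule name) of the first matching rule, lowest priority number first."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (_match(r.source, src) and _match(r.dest, dst)
                and r.port in ("*", str(port)) and r.protocol in ("*", protocol)):
            return r.action, r.name
    return "Deny", "implicit"

# Default inbound rules present in every NSG (the AzureLoadBalancer rule is omitted).
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "VirtualNetwork", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "*", "Deny"),
]
# The rule from Step 2, using the page's example values.
PAGE_RULE = Rule("Deny-TCP-5585", 100, "VirtualNetwork", "10.1.2.0/24", "5585", "Tcp", "Deny")
# Hypothetical extra rule (not on the page) exempting subnet1-2's own hosts.
ALLOW_INTRA = Rule("Allow-Intra-5585", 90, "10.1.2.0/24", "10.1.2.0/24", "5585", "Tcp", "Allow")

if __name__ == "__main__":
    for label, rules in (("page rule only", DEFAULTS + [PAGE_RULE]),
                         ("with intra-subnet allow", DEFAULTS + [PAGE_RULE, ALLOW_INTRA])):
        for src in ("10.1.1.4", "10.1.2.4"):  # constructed: outside / inside subnet1-2
            print(label, src, evaluate(rules, src, "10.1.2.5", 5585))
```

With only the Step 2 rule, a flow from 10.1.2.4 to 10.1.2.5 on port 5585 also matches `Deny-TCP-5585`, because the VirtualNetwork tag includes subnet1-2 itself and a subnet-level NSG is applied to traffic between hosts in that subnet.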
