An administrator added an NSG rule named Allow-Admin-HTTPS with priority 250 to permit inbound TCP 443 from a single public IP. The NSG also contains a Deny-All-Inbound rule with priority 200. The administrator still cannot connect to the VM over HTTPS from the allowed IP. What should be changed to resolve the issue?

Change the deny rule priority to 65000 so it is evaluated first.

A higher numeric priority is evaluated later, not earlier, so this would not fix the problem correctly.

Convert the allow rule to an outbound rule instead of inbound.

The issue is inbound access to the VM, so an outbound rule would not affect the connection attempt.

Replace the NSG with a route table so HTTPS can pass through the subnet.

Route tables affect next-hop selection, not packet अनुमति decisions for inbound traffic.

What does this AZ-104 question test?

CIDR notation defines the prefix length.

What is the correct answer to this question?

The correct answer is: Change the allow rule priority to a number lower than 200. — The allow rule must be evaluated before the deny-all rule. In Azure NSGs, lower priority numbers win. Since the deny rule at 200 is ahead of the allow rule at 250, the traffic never reaches the exception. Lowering the allow rule's priority to a number below 200 is the correct way to permit only the intended administrator source IP on HTTPS. Why others are wrong: Raising the deny rule to a larger number would make it less likely to be evaluated early, but it still does not address the rule ordering problem as stated. Outbound rules do not control inbound connections. A route table cannot override NSG filtering because routing and security are separate functions.

What should I do if I get this AZ-104 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.