Exhibit
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2021-02-01",
"name": "nsg-backend",
"location": "[resourceGroup().location]",
"properties": {
"securityRules": [
{
"name": "DenyAllInbound",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 1000,
"direction": "Inbound"
}
},
{
"name": "AllowHTTPFromFrontend",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "80",
"sourceAddressPrefix": "10.0.1.0/24",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 100,
"direction": "Inbound"
}
}
]
}
}
]
}- A
Only inbound traffic on port 80 is denied
Why wrong: Port 80 from the frontend is allowed.
- B
All inbound traffic is allowed because no default deny rule is present
Why wrong: There is an explicit deny rule with priority 1000.
- C
Only inbound traffic from 10.0.1.0/24 on port 80 is allowed; all other inbound traffic is denied
The allow rule permits specific traffic, and the deny rule blocks everything else.
- D
All inbound traffic is allowed except from 10.0.1.0/24
Why wrong: Traffic from 10.0.1.0/24 on port 80 is allowed.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.