How well do you know Azure network security group powered by www.krishnacloud.school

What is the purpose of the Network security group

Question Title

* 1. What is the purpose of the Network security group

To Allow inbound traffic

To Deny inbound traffic

To allow and deny inbound or outbound traffic

Review the screen shot attached and select the answer appropriately.

Based on your understanding of the NSG , who created these inbound and
outbound rules.

Question Title

* 2. Review the screen shot attached and select the answer appropriately.
Based on your understanding of the NSG , who created these inbound and
outbound rules.

This is default NSG security rules created by Azure at the time of NSG resource creation.

This is no default NSG security rules created by Azure at the time of NSG resource creation.

The network admin of the account created this NSG security rules.

In the given rule set which rule will be applied first

Question Title

* 3. In the given rule set which rule will be applied first

65000

65001

65500

Your customer wants to delete the default rules.

What will be the impact when you delete the default rules.

Question Title

* 4. Your customer wants to delete the default rules. What will be the impact when you delete the default rules.

Its not possible to delete the default NSG rules

It will affect the inbound and outbound traffic.

Azure will recreate the deleted security rules.

Your customers want to all allow ICMP (East-West traffic only) which option
they should select to allow ICMP traffic (east - west) All traffic

Question Title

* 5. Your customers want to all allow ICMP (East-West traffic only) which option
they should select to allow ICMP traffic (east - west)

TCP

UDP

ANY

You customer is hosting number of Windows VM , they want to ensure all the licensing, a request is sent to the Key Management Service host servers that handle such queries. Which port will be used for outbound traffic.

Question Title

* 6. You customer is hosting number of Windows VM , they want to ensure all the licensing, a request is sent to the Key Management Service host servers that handle such queries. Which port will be used for outbound traffic.

1689

1688

1433

Which default rule is responsible for allowing ICMP traffic to flow through the VNET

Question Title

* 7. Which default rule is responsible for allowing ICMP traffic to flow through the VNET

AllowVNetInBound

AllowVNetInBound and AllowVnetOutBound

AllowVnetOutBound

You customer has deployed VPN gateway in a sub net and applied very detailed NSG rules. They are planning to do cross-VNET connectivity. What will be your best practice advise the customer.

Question Title

* 8. You customer has deployed VPN gateway in a sub net and applied very detailed NSG rules. They are planning to do cross-VNET connectivity. What will be your best practice advise the customer.

There wont be any issues and cross-vnet connectivity will work fine.

The recommendation is not to apply NSG on a subnet that hosting the VPN Gateway.

Azure wont allow to deploy NSG on a Subnet thats hosting the VPN Gateway.

You are working for large retail chain and the security team wants to block
out 168.63.129.16. If you block the ip address what will be impact on infrastructure services such as DHCP, DNS,.

Question Title

* 9. You are working for large retail chain and the security team wants to block
out 168.63.129.16. If you block the ip address what will be impact on infrastructure services such as DHCP, DNS,.

There will be no impact and it will business as usual

Azure services will use this ip address to communicate , if this address is blocked DNS , DHCP , health monitoring will be affected.

DNS needs to this ip address and other services wont be affected.

Your customer wants to white list all the storage account in East US region.
Which of the following approaches you will recommend to your customer.

Question Title

* 10. Your customer wants to white list all the storage account in East US region.
Which of the following approaches you will recommend to your customer.

Every week extract the Storage IP address from the Azure IP list and then build a power shell script to update the

Azure provides Service Tag to white Storage accounts.

Pre build all the storage accounts upfront and build NSG rules to white list only those IP address. Advise the customer not to delete the storage accounts.

Question Title

* 1. What is the purpose of the Network security group

Question Title

* 2. Review the screen shot attached and select the answer appropriately. Based on your understanding of the NSG , who created these inbound and outbound rules.

Question Title

* 3. In the given rule set which rule will be applied first

Question Title

* 4. Your customer wants to delete the default rules. What will be the impact when you delete the default rules.

Question Title

* 5. Your customers want to all allow ICMP (East-West traffic only) which option they should select to allow ICMP traffic (east - west)

Question Title

* 6. You customer is hosting number of Windows VM , they want to ensure all the licensing, a request is sent to the Key Management Service host servers that handle such queries. Which port will be used for outbound traffic.

Question Title

* 7. Which default rule is responsible for allowing ICMP traffic to flow through the VNET

Question Title

* 8. You customer has deployed VPN gateway in a sub net and applied very detailed NSG rules. They are planning to do cross-VNET connectivity. What will be your best practice advise the customer.

Question Title

* 9. You are working for large retail chain and the security team wants to blockout 168.63.129.16. If you block the ip address what will be impact on infrastructure services such as DHCP, DNS,.

Question Title

* 10. Your customer wants to white list all the storage account in East US region. Which of the following approaches you will recommend to your customer.

* 2. Review the screen shot attached and select the answer appropriately.
Based on your understanding of the NSG , who created these inbound and
outbound rules.

* 5. Your customers want to all allow ICMP (East-West traffic only) which option
they should select to allow ICMP traffic (east - west)

* 9. You are working for large retail chain and the security team wants to block
out 168.63.129.16. If you block the ip address what will be impact on infrastructure services such as DHCP, DNS,.

* 10. Your customer wants to white list all the storage account in East US region.
Which of the following approaches you will recommend to your customer.