How well do you know Azure network security group

* 1. What is the purpose of the Network security group

To Allow inbound traffic

To Deny inbound traffic

To allow and deny inbound or outbound traffic

* 2. Review the screen shot attached and select the answer appropriately.
Based on your understanding of the NSG , who created these inbound and
outbound rules.

This is default NSG security rules created by Azure at the time of NSG resource creation.

This is no default NSG security rules created by Azure at the time of NSG resource creation.

The network admin of the account created this NSG security rules.

* 3. In the given rule set which rule will be applied first

65000

65001

65500

* 4. Your customer wants to delete the default rules. What will be the impact when you delete the default rules.

Its not possible to delete the default NSG rules

It will affect the inbound and outbound traffic.

Azure will recreate the deleted security rules.

* 5. Your customers want to all allow ICMP (East-West traffic only) which option
they should select to allow ICMP traffic (east - west)

TCP

UDP

ANY

* 6. You customer is hosting number of Windows VM , they want to ensure all the licensing, a request is sent to the Key Management Service host servers that handle such queries. Which port will be used for outbound traffic.

1689

1688

1433

* 7. Which default rule is responsible for allowing ICMP traffic to flow through the VNET

AllowVNetInBound

AllowVNetInBound and AllowVnetOutBound

AllowVnetOutBound

* 8. You customer has deployed VPN gateway in a sub net and applied very detailed NSG rules. They are planning to do cross-VNET connectivity. What will be your best practice advise the customer.

There wont be any issues and cross-vnet connectivity will work fine.

The recommendation is not to apply NSG on a subnet that hosting the VPN Gateway.

Azure wont allow to deploy NSG on a Subnet thats hosting the VPN Gateway.

* 9. You are working for large retail chain and the security team wants to block
out 168.63.129.16. If you block the ip address what will be impact on infrastructure services such as DHCP, DNS,.

There will be no impact and it will business as usual

Azure services will use this ip address to communicate , if this address is blocked DNS , DHCP , health monitoring will be affected.

DNS needs to this ip address and other services wont be affected.

* 10. Your customer wants to white list all the storage account in East US region.
Which of the following approaches you will recommend to your customer.

Every week extract the Storage IP address from the Azure IP list and then build a power shell script to update the

Azure provides Service Tag to white Storage accounts.

Pre build all the storage accounts upfront and build NSG rules to white list only those IP address. Advise the customer not to delete the storage accounts.