Knowledge check

Completed

Your company is migrating several sites to Azure. You're responsible for implementing network security groups and designing effective security rules to control network traffic. You need to ensure that virtual machine networking and Azure services networking are both secure.

• The infrastructure team has two network security group security rules for inbound traffic to the back-end web servers. There's an allow rule with a priority of 200, and a deny rule with a priority of 150.

• The IT team wants to apply service tags for the virtual machine IP addresses.

• You're exploring how to use default rules to apply security to inbound traffic from virtual machines within your virtual network.

Answer the following questions

Choose the best response for each of the following questions.

1.

Which of the security rules defined by the infrastructure team takes precedence?

The allowed rule takes precedence.

The deny rule takes precedence.

The rule that was created first takes precedence.

2.

How do Application Security Groups (ASGs) enhance network security within Azure Virtual Networks?

By encrypting virtual network traffic.

By applying anti-virus software.

By grouping virtual machines according to their functions.

3.

What happens to network traffic that doesn't match any NSG rules?

Network traffic is allowed.

Network traffic is denied.

Network traffic checks another server.

You must answer all questions before checking your work.