AZ-104 Question #512: Real Exam Question with Answer & Explanation


Submitted by renata2k · Mar 4, 2026

Configure and manage virtual networking - specifically implementing NSG rules to control inbound and outbound traffic while adhering to least-privilege security principles (AZ-104: Implement and Manage Virtual Networking)

Question

Hotspot Question

You have a network security group (NSG) named NSG1 that has the rules defined in the exhibit. (Click the Exhibit tab.)

NSG1 is associated to a subnet named Subnet1. Subnet1 contains the virtual machines shown in the following table.

You need to add a rule to NSG1 to ensure that VM1 can ping VM2. The solution must use the principle of least privilege.

How should you configure the rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

To allow VM1 to ping VM2, you need to create an inbound rule that permits ICMP traffic. Since the principle of least privilege requires the most restrictive rule possible, the rule should specify the exact source (VM1's IP address), destination (VM2's IP address), protocol (ICMP), and action (Allow), rather than using broad ranges like 'Any' or entire subnet CIDRs. ICMP is the protocol used by ping, and scoping the rule to specific IPs ensures no unnecessary access is granted to other resources.
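The difference between a broad rule and the scoped rule described above, as an added example that is not part of the original page: a small Python check over rule definitions written in the ARM `securityRules` property shape. The rule names and the 10.0.0.x addresses are constructed placeholders, because the page's VM table is not reproduced here.

```python
import ipaddress

# Constructed sample rules (ARM securityRules property names).
BROAD_RULE = {
    "name": "Allow-ICMP-Any",
    "protocol": "*",
    "sourceAddressPrefix": "*",
    "destinationAddressPrefix": "10.0.0.0/24",
    "access": "Allow",
    "direction": "Inbound",
}
SCOPED_RULE = {
    "name": "Allow-ICMP-VM1-to-VM2",
    "protocol": "Icmp",
    "sourceAddressPrefix": "10.0.0.4",       # assumed VM1 address
    "destinationAddressPrefix": "10.0.0.5",  # assumed VM2 address
    "access": "Allow",
    "direction": "Inbound",
}

def is_single_host(prefix):
    """True only when the prefix names exactly one IP address."""
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # '*', or a service tag such as 'VirtualNetwork'
    return net.num_addresses == 1

def audit_ping_rule(rule):
    """Return least-privilege findings for an inbound ICMP allow rule."""
    findings = []
    if rule.get("access") != "Allow":
        findings.append("access is not Allow")
    if rule.get("direction") != "Inbound":
        findings.append("direction is not Inbound")
    if str(rule.get("protocol", "")).lower() != "icmp":
        findings.append(f"protocol {rule.get('protocol')!r} is not ICMP")
    for key in ("sourceAddressPrefix", "destinationAddressPrefix"):
        if not is_single_host(rule.get(key, "*")):
            findings.append(f"{key} {rule.get(key)!r} is not a single host")
    return findings

if __name__ == "__main__":
    for rule in (BROAD_RULE, SCOPED_RULE):
        print(rule["name"], "->", audit_ping_rule(rule) or "OK")
```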

Topics

#Network Security Groups #Azure Networking #ICMP/Ping Rules #Principle of Least Privilege
