AZ-104 · Question #597
AZ-104 Question #597: Real Exam Question with Answer & Explanation
The correct answer is C: Service Tag. You can use service tags to achieve network isolation and protect your Azure resources from the general Internet while accessing Azure services that have public endpoints. Create inbound/outbound network security group rules to deny traffic to/from Internet and allow traffic to/f
Question
You have a subnet named Subnet1 that contains Azure virtual machines. A network security group (NSG) named NSG1 is associated to Subnet1. NSG1 only contains the default rules. You need to create a rule in NSG1 to prevent the hosts on Subnet1 form connecting to the Azure portal. The hosts must be able to connect to other internet hosts. To what should you set Destination in the rule?
Options
- AApplication security group
- BIP Addresses
- CService Tag
- DAny
Explanation
You can use service tags to achieve network isolation and protect your Azure resources from the general Internet while accessing Azure services that have public endpoints. Create inbound/outbound network security group rules to deny traffic to/from Internet and allow traffic to/from AzureCloud or other available service tags of specific Azure services. https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview
Community Discussion
No community discussion yet for this question.