AZ-400 · Question #121
SIMULATION You need to prepare a network security group (NSG) named az400-9940427-nsg1 to host an Azure DevOps pipeline agent. The solution must allow only the required outbound port for Azure DevOps
The correct answer configures an outbound security rule on the NSG to allow TCP port 8080, which is the default port Azure DevOps Server uses for communication. By adding only this specific outbound allow rule and relying on Azure NSG's default 'Deny All' rules for inbound and ou
Question
Explanation
The correct answer configures an outbound security rule on the NSG to allow TCP port 8080, which is the default port Azure DevOps Server uses for communication. By adding only this specific outbound allow rule and relying on Azure NSG's default 'Deny All' rules for inbound and outbound internet traffic (priority 65500 DenyAllInBound and 65001 DenyAllOutBound after default rules), the solution satisfies the requirement of allowing only the required Azure DevOps port while blocking all other internet access. The steps correctly navigate to Outbound security rules rather than inbound, since the pipeline agent needs to reach out to Azure DevOps services, not receive incoming connections.
Topics
Community Discussion
No community discussion yet for this question.