AZ-500 · Question #384
AZ-500 Question #384: Real Exam Question with Answer & Explanation
The correct answer is C: Flow logs will be disabled for NSG1 and NSG2.. This is an audit policy with an exception for NSG1. Since Networrk Flow Log is disabled on NSG1 and NSG2 it remains disabled. You need DeployIfNotExists effect to activate NFL. https://azure.microsoft.com/en-us/updates/nsg-flow-logs-built-in-azure-policy/ We are launching two bui
Question
You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table. You create the Azure policy shown in the following exhibit. You assign the policy to RG1. What will occur if you assign the policy to NSG1 and NSG2?
Options
- AFlow logs will be enabled for NSG1 and NSG2.
- BFlow logs will be enabled for NSG2 only.
- CFlow logs will be disabled for NSG1 and NSG2.
- DFlow logs will be enabled for NSG1 only.
Explanation
This is an audit policy with an exception for NSG1. Since Networrk Flow Log is disabled on NSG1 and NSG2 it remains disabled. You need DeployIfNotExists effect to activate NFL. https://azure.microsoft.com/en-us/updates/nsg-flow-logs-built-in-azure-policy/ We are launching two built-in policies for deploying NSG Flow Logs - An Audit policy: Flag NSGs without Flow logs enabled - A DeployIfNotExists policy: Enable Flow logs on NSGs where it is disabled Get started with our tutorial for using the above policies.
Community Discussion
No community discussion yet for this question.