<< Prev Question Next Question >>
Question 13/66
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.
You have a network security group (NSG) named NSG1 associated to each subnet.
When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.
You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:
* Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.
* Minimize changes to NSG1 when a new subnet is created.
What should you use as the destination in the inbound security rule?
You have a network security group (NSG) named NSG1 associated to each subnet.
When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.
You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:
* Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.
* Minimize changes to NSG1 when a new subnet is created.
What should you use as the destination in the inbound security rule?
Recent Comments (The most recent comments are at the top.)
to create an inbound security rule in NSG1 that will allow connections to the network monitoring virtual machines from the IP address 131.107.1.15 and meet the given requirements, you should use: Correct Answer: C. an application security group The key points are:
To ensure that only the monitoring virtual machines receive a connection from 131.107.1.15, you should use an application security group (ASG) as the destination in the inbound security rule.
By using an ASG, you can group the network monitoring virtual machines together and apply the security rule to the ASG. This way, when a new subnet is created and a new monitoring virtual machine is added, it will automatically be part of the ASG, and the security rule will apply to it without needing to make changes to NSG1.
The search results do not indicate that using an IP address, virtual network, or service tag as the destination would meet the requirement of minimizing changes to NSG1 when a new subnet is created.
Therefore, the correct answer is to use an application security group as the destination in the inbound security rule in NSG1....