You have the network security groups (NSGs) shown in the following table

HOTSPOT

You have the network security groups (NSGs) shown in the following table.

In NSG1, you create inbound rules as shown in the following table.

You have the Azure virtual machines shown in the following table.

NSG2 has only the default rules configured.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Based on the information provided in the images about the network security groups (NSGs), the rules within NSG1, and the virtual machines’ subnet assignments, we can determine the connectivity between the VMs.

NSG1 is associated with Subnet1 and has the following custom inbound rules:

Priority 101: Allow port 80 from any source.

Priority 150: Allow port 443 from any source.

Priority 200: Deny all traffic from the virtual network.

NSG2, associated with Subnet2, has only the default rules, which generally allow communication within the VNet and deny all inbound traffic from other sources unless specifically allowed by a rule.

VM1 and VM2 are in Subnet1, and VM3 is in Subnet2.

With this setup, here are the answers to the connectivity statements:

VM3 can connect to port 8080 on VM1.

Answer. No. VM1 is in Subnet1, which has NSG1 with a rule that denies all traffic from the virtual network (priority 200). Since there is no rule allowing port 8080, VM3 (which is in Subnet2) cannot connect to VM1 on port 8080.

VM1 and VM2 can connect on port 9090.

Answer. No. Both VM1 and VM2 are in Subnet1, which has NSG1 applied to it. NSG1 has a deny all rule for the virtual network traffic (priority 200), so even though they are in the same subnet, the NSG rule will block communication on port 9090.

VM1 can connect to VM3 on port 9090.

Answer. No. VM3 is in Subnet2, which is subject to NSG2’s default rules. The default rules of NSG2 would block inbound traffic from other subnets unless a specific rule is created to allow it. Additionally, NSG1 would block outbound traffic to the virtual network, so VM1 cannot initiate a connection to VM3 on port 9090.