Azure Network Traffic Analysis with Azure Advisor

Analyze Network Traffic with Azure Advisor

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is deployed and configured for on-premises to Azure connectivity.

Several virtual machines exhibit network connectivity issues.

You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.

Solution: Use Azure Advisor to analyze the network traffic.

Does this meet the goal?

Answers

Explanations


A. B.

B

Instead use Azure Network Watcher IP Flow Verify, which allows you to detect traffic filtering issues at a VM level.

Note: IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

No, using Azure Advisor to analyze the network traffic does not meet the goal of identifying whether packets are being allowed or denied to the virtual machines.

Azure Advisor is a tool that provides recommendations to optimize Azure resources for better performance, high availability, and cost-efficiency. It does not have the capability to analyze network traffic and identify whether packets are being allowed or denied to virtual machines.

To identify network connectivity issues and whether packets are being allowed or denied to virtual machines, you can use Azure Network Watcher. Azure Network Watcher is a network monitoring and diagnostic service that provides tools to monitor, diagnose, and troubleshoot network issues in Azure. It can help you to identify the source of connectivity issues and troubleshoot them.

One of the tools provided by Azure Network Watcher is Network Security Group (NSG) Flow Logs. NSG Flow Logs capture information about IP traffic flowing through an NSG, including allowed and denied traffic. You can use NSG Flow Logs to analyze network traffic and identify whether packets are being allowed or denied to virtual machines.

In summary, to identify whether packets are being allowed or denied to virtual machines, you should use Azure Network Watcher and specifically the NSG Flow Logs tool, not Azure Advisor.
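To make the NSG Flow Logs explanation concrete, here is an added example (not part of the original page or of Microsoft's tooling) that reads a flow log document and lists the denied flows for one VM together with the rule that matched. It assumes the version 2 flow-tuple layout; the sample record, IP addresses, MAC address and rule names are constructed.

```python
from collections import Counter

# Constructed sample shaped like a parsed NSG flow log file (what json.load() returns).
# Tuple layout: ts,src_ip,dst_ip,src_port,dst_port,proto,direction,decision,state,
# then four version 2 counters.
SAMPLE_DOC = {"records": [{
    "time": "2024-01-01T00:00:00Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1704067200,203.0.113.7,10.0.0.4,44931,3389,T,I,D,B,,,,",
            "1704067205,203.0.113.9,10.0.0.4,51200,22,T,I,D,B,,,,"]}]},
        {"rule": "UserRule_Allow-OnPrem-HTTPS", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1704067210,192.168.10.20,10.0.0.4,50122,443,T,I,A,B,,,,",
            "1704067270,192.168.10.20,10.0.0.4,50122,443,T,I,A,E,12,3400,10,9800"]}]},
    ]}}]}

FIELDS = ("ts", "src_ip", "dst_ip", "src_port", "dst_port",
          "proto", "direction", "decision", "state")

def iter_flows(doc):
    """Yield one dict per flow tuple, tagged with the NSG rule that matched it."""
    for record in doc.get("records", []):
        for rule_block in record["properties"]["flows"]:
            for mac_block in rule_block["flows"]:
                for line in mac_block["flowTuples"]:
                    parts = line.split(",")
                    if len(parts) < 8:   # malformed tuple: skip rather than misread
                        continue
                    flow = dict(zip(FIELDS, parts))
                    flow["rule"] = rule_block["rule"]
                    yield flow

def denied_for_vm(doc, vm_ip):
    """Return denied flows (decision 'D') whose source or destination is vm_ip."""
    return [f for f in iter_flows(doc)
            if f["decision"] == "D" and vm_ip in (f["src_ip"], f["dst_ip"])]

def decisions_by_rule(doc):
    """Count tuples per (rule, decision); 'A' = allowed, 'D' = denied."""
    return Counter((f["rule"], f["decision"]) for f in iter_flows(doc))

if __name__ == "__main__":
    for f in denied_for_vm(SAMPLE_DOC, "10.0.0.4"):
        print(f"DENY {f['src_ip']}:{f['src_port']} -> "
              f"{f['dst_ip']}:{f['dst_port']} by {f['rule']}")
    print(dict(decisions_by_rule(SAMPLE_DOC)))
```

The per-rule count is a count of logged tuples, so a single allowed connection that logs both a begin and an end tuple is counted twice.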