Automatically Block TCP Port 8080 Between Azure Virtual Networks | Microsoft Azure Administrator Exam AZ-104

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You assign a built-in policy definition to the subscription.

Does this meet the goal?

Answers

A. Yes
B. No

Correct answer: B

Explanations

A resource policy definition in Azure Policy lets you establish conventions for resources in your organization by describing when the policy is enforced and what effect it takes. By defining conventions, you can control costs and more easily manage your resources.

https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

The proposed solution does not meet the goal of automatically blocking TCP port 8080 between the virtual networks when an NSG is created.

Assigning a built-in policy definition to the subscription would only enforce policy compliance on resources within the subscription. Policy definitions are used to enforce rules and actions over resources in Azure. They can be assigned at the subscription, resource group, or resource level to ensure compliance with organizational standards, government regulations, or other business requirements. Policy definitions can be customized or chosen from a list of built-in policies.

However, in this scenario, the goal is to block TCP port 8080 between virtual networks when an NSG is created. This requires creating a custom policy definition or using an existing built-in policy definition that specifically addresses this requirement.

One possible solution is to create a custom policy definition that specifies the rule to block TCP port 8080 between virtual networks. Then, the policy definition can be assigned at the subscription or resource group level to enforce the policy. Another solution is to use Azure Firewall or Azure Network Watcher to enforce network traffic filtering between virtual networks.

In conclusion, assigning a built-in policy definition to the subscription does not meet the goal of automatically blocking TCP port 8080 between the virtual networks when an NSG is created. Instead, a custom policy definition or other network filtering solutions should be implemented. Therefore, the answer is B. No.
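
Whichever mechanism adds the deny rule, the outcome can be verified per NSG. The following is an added example, not part of the original page: it evaluates an NSG's inbound rules in priority order and reports whether TCP 8080 between virtual networks is actually blocked, including the case where Azure's default `AllowVnetInBound` rule or a lower-numbered allow rule decides first. Assumptions: rule dictionaries flatten the ARM `securityRules` properties, the custom rule names and the address range are constructed, and any allow rule with a CIDR prefix is conservatively treated as overlapping virtual network space.

```python
# Added example: does an NSG block inbound TCP 8080 between virtual networks?
PORT, PROTO = 8080, "tcp"
NON_VNET_TAGS = {"internet", "azureloadbalancer"}  # sources that are never VNet space

# The two Azure default inbound rules that can match this flow (simplified).
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "VirtualNetwork", "destinationAddressPrefix": "VirtualNetwork",
     "destinationPortRange": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "destinationPortRange": "*"},
]

def _port_match(rule):
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]
    for r in ranges:
        lo, _, hi = r.partition("-")
        hi = hi or lo
        if r == "*" or (lo.isdigit() and hi.isdigit() and int(lo) <= PORT <= int(hi)):
            return True
    return False

def _prefix_match(prefix, deny):
    p = prefix.lower()
    # A deny must cover all VNet space; an allow counts if it could overlap it (e.g. a CIDR).
    return p in ("*", "virtualnetwork") if deny else p not in NON_VNET_TAGS

def _applies(rule):
    deny = rule["access"].lower() == "deny"
    return (rule.get("direction", "Inbound").lower() == "inbound"
            and rule["protocol"].lower() in ("*", PROTO)
            and _port_match(rule)
            and _prefix_match(rule["sourceAddressPrefix"], deny)
            and _prefix_match(rule["destinationAddressPrefix"], deny))

def vnet_8080_verdict(custom_rules):
    """Return (blocked, deciding_rule_name); the lowest priority number wins."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r["priority"]):
        if _applies(rule):
            return rule["access"].lower() == "deny", rule["name"]
    return True, None

# Constructed sample rules (hypothetical names and address range).
DENY_8080 = {"name": "Deny-8080-VNet", "priority": 100, "access": "Deny", "protocol": "Tcp",
             "direction": "Inbound", "sourceAddressPrefix": "VirtualNetwork",
             "destinationAddressPrefix": "VirtualNetwork", "destinationPortRange": "8080"}
ALLOW_RANGE = {"name": "Allow-App-Range", "priority": 90, "access": "Allow", "protocol": "*",
               "direction": "Inbound", "sourceAddressPrefix": "10.1.0.0/16",
               "destinationAddressPrefix": "*", "destinationPortRanges": ["443", "8000-8100"]}

if __name__ == "__main__":
    for rules in ([], [DENY_8080], [DENY_8080, ALLOW_RANGE]):
        print(vnet_8080_verdict(rules))
```

A newly created NSG with no custom rules is decided by `AllowVnetInBound`, which is why the deny rule has to be added explicitly and with a lower priority number than any allow rule covering port 8080.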