Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?
A. B.A
The resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources.
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
The given solution does not meet the stated goal.
Creating a custom policy definition and assigning it to the subscription does not automatically block TCP port 8080 between the virtual networks.
Policy definitions in Azure are used to enforce compliance with organizational standards and Azure best practices. Policy definitions can be used to audit resources in Azure and take actions such as deny, append, audit, or auditIfNotExists based on the compliance status of the resource.
However, to block TCP port 8080 between virtual networks, you need to create a Network Security Group (NSG) and configure the required rules.
The NSG is an Azure resource that provides inbound and outbound filtering on network traffic. You can create NSGs and associate them with virtual networks, subnets, or network interfaces. To block TCP port 8080 between virtual networks, you can create an NSG and add an inbound security rule that denies traffic on port 8080 from the source virtual network to the destination virtual network.
In summary, to meet the stated goal, you need to create an NSG and configure the required rules. Creating a custom policy definition and assigning it to the subscription does not meet the goal of automatically blocking TCP port 8080 between virtual networks.
Therefore, the answer is B. No.
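The inbound deny rule described in the explanation above can be checked against Azure's built-in default rules with a small model of NSG evaluation (lowest priority number first, first match wins). This is an added example, not part of the original page; the rule name `Deny-VNet-TCP-8080` and priority 100 are assumptions, and matching on service tags instead of IP ranges is a simplification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # service tag or "*"
    dest: str       # service tag or "*"
    protocol: str   # "Tcp", "Udp" or "*"
    port: str       # single destination port or "*"
    access: str     # "Allow" or "Deny"

# Built-in inbound default rules that every NSG contains.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "*", "Deny"),
]

# Constructed custom rule; name and priority are assumptions for this example.
DENY_8080 = Rule("Deny-VNet-TCP-8080", 100,
                 "VirtualNetwork", "VirtualNetwork", "Tcp", "8080", "Deny")

def _match(pattern, value):
    """A rule field matches when it is a wildcard or equals the flow's value."""
    return pattern == "*" or pattern.lower() == str(value).lower()

def evaluate(rules, source, dest, protocol, port):
    """Return (access, rule name) of the first matching rule in priority order."""
    for r in sorted(rules, key=lambda rule: rule.priority):
        if (_match(r.source, source) and _match(r.dest, dest)
                and _match(r.protocol, protocol) and _match(r.port, port)):
            return r.access, r.name
    raise ValueError("no rule matched")  # not reached while DenyAllInBound is present

if __name__ == "__main__":
    rule_sets = (("defaults only", DEFAULT_INBOUND),
                 ("with deny rule", DEFAULT_INBOUND + [DENY_8080]))
    for label, rules in rule_sets:
        for port in (8080, 443):
            result = evaluate(rules, "VirtualNetwork", "VirtualNetwork", "Tcp", port)
            print(f"{label:15} tcp/{port}: {result}")
```

With only the defaults, VNet-to-VNet traffic on TCP 8080 is allowed by `AllowVnetInBound`; the custom rule takes effect because its priority number is lower than 65000.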