Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.
What should you include in the recommendation?
Click on the arrows to vote for the correct answer
A. B. C. D.A
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
https://docs.microsoft.com/en-us/azure/virtual-network/security-overviewThe correct answer for this question is A. Network Security Groups (NSGs).
Explanation:
When deploying resources to Azure, it is important to secure the network traffic between resources to prevent unauthorized access to sensitive data or resources. Network Security Groups (NSGs) are a type of Azure resource that provide inbound and outbound security filtering for virtual network (VNet) resources.
NSGs enable you to create security rules that allow or deny network traffic based on source and destination IP address, port, and protocol. You can use NSGs to restrict the types of connections between web servers and database servers to improve security.
In this scenario, you can create NSGs that allow incoming traffic from the web servers to the database servers only on the required ports and protocols, such as port 1433 for SQL Server. You can also deny all other incoming traffic from the web servers to the database servers to prevent unauthorized access.
Azure Service Bus is a messaging service that enables reliable and secure communication between distributed applications. It is not relevant for limiting the types of connections between web servers and database servers.
A local network gateway is a type of Azure resource that enables communication between an Azure virtual network and an on-premises network. It is not relevant for this scenario as there is no on-premises network involved.
A route filter is a type of Azure resource that enables you to control the routing of traffic between virtual networks. It is not relevant for this scenario as the question is about limiting the types of connections between web servers and database servers, not about routing traffic between virtual networks.