Azure NSG Best Practices

Automatically Block TCP Port 8080 Between Virtual Networks

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You create a resource lock, and then you assign the lock to the subscription.

Does this meet the goal?

Answers

Explanations


Options: A, B

Correct answer: B

How can I freeze or lock my production/critical Azure resources from accidental deletion? There is a way to do this with both ASM and ARM resources using Azure resource lock.

https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-manager-policy-and-azure-lock-to-control-your-azure-resources/

No, the provided solution does not meet the stated goal of automatically blocking TCP port 8080 between the virtual networks when an NSG is created.

Resource locks are a feature in Azure that allows you to lock a resource to prevent it from being deleted or modified. They do not provide any network security functionality, nor can they be used to automatically block traffic between virtual networks.

To automatically block TCP port 8080 between virtual networks when an NSG is created, you can use Azure Firewall. Azure Firewall is a managed, cloud-based network security service that provides network and application-level protection for your virtual network resources.

To implement this solution, you can follow these steps:

  1. Create an Azure Firewall resource in your subscription.

  2. Configure the Azure Firewall to block traffic on TCP port 8080 between the virtual networks. You can do this by creating a network rule collection and adding a rule that blocks traffic on port 8080.

  3. Associate the Azure Firewall with the virtual networks that you want to protect. You can do this by creating a virtual network rule collection and adding a rule that associates the virtual networks with the Azure Firewall.

Once this is done, any NSGs that are created in your subscription will automatically be subject to the network rules that you have configured in Azure Firewall. This will ensure that TCP port 8080 is blocked between the virtual networks.
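Whatever mechanism creates the NSG, the traffic is only blocked if the NSG itself ends up holding a deny rule for TCP 8080 that wins on priority. The following evaluator is an added example for this page, not code from the exam question, from any answer above, or from Microsoft. It models how Azure evaluates NSG rules (lowest priority number first, first match wins, platform default rules below all custom rules) and checks whether a given rule set denies TCP 8080 between two VNets. The VNet prefixes (10.1.0.0/16, 10.2.0.0/16), the rule names and the assumption that the two VNets are peered (so the VirtualNetwork service tag covers both address spaces) are constructed for the example; the AzureLoadBalancer and Internet default rules are left out because they never match a VNet-to-VNet flow.

```python
"""Added example: does an NSG rule set deny TCP 8080 between two VNets?

Models Azure NSG evaluation: rules are checked in ascending priority
order, the first match decides, and the platform default rules sit
below every custom rule. Sample prefixes and rules are constructed.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int       # 100-4096 for custom rules; Azure defaults use 65000+
    direction: str      # "Inbound" or "Outbound"
    access: str         # "Allow" or "Deny"
    protocol: str       # "Tcp", "Udp", "Icmp" or "*"
    source: str         # CIDR, "*" or the "VirtualNetwork" service tag
    destination: str    # same forms as source
    dest_ports: str     # "8080", "8000-8090", "80,443" or "*"


# Azure's built-in default rules (simplified: the AzureLoadBalancer and
# Internet defaults are omitted as they never match VNet-to-VNet traffic).
DEFAULT_RULES = [
    NsgRule("AllowVnetInBound", 65000, "Inbound", "Allow", "*",
            "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
    NsgRule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*",
            "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*"),
]


def _address_matches(spec: str, addr: str, vnet_prefixes) -> bool:
    ip = ipaddress.ip_address(addr)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        # The tag covers the VNet's own address space and, for peered VNets,
        # the peers' address space too (the example assumes peering).
        return any(ip in ipaddress.ip_network(p) for p in vnet_prefixes)
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec: str, port: int) -> bool:
    for part in spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo <= port <= hi:
                return True
        elif int(part) == port:
            return True
    return False


def evaluate(custom_rules, direction, src, dst, protocol, port, vnet_prefixes):
    """Return (access, rule_name) of the first rule that matches the flow."""
    ordered = sorted(list(custom_rules) + DEFAULT_RULES, key=lambda r: r.priority)
    for r in ordered:
        if r.direction != direction:
            continue
        if r.protocol != "*" and r.protocol != protocol:
            continue
        if not _address_matches(r.source, src, vnet_prefixes):
            continue
        if not _address_matches(r.destination, dst, vnet_prefixes):
            continue
        if not _port_matches(r.dest_ports, port):
            continue
        return r.access, r.name
    raise RuntimeError("no rule matched; the DenyAll default should always match")


def tcp_8080_denied(custom_rules, vnet_a: str, vnet_b: str) -> bool:
    """True if inbound TCP/8080 from the first host of vnet_a to the first host of vnet_b is denied."""
    src = str(next(ipaddress.ip_network(vnet_a).hosts()))
    dst = str(next(ipaddress.ip_network(vnet_b).hosts()))
    access, _ = evaluate(custom_rules, "Inbound", src, dst, "Tcp", 8080, [vnet_a, vnet_b])
    return access == "Deny"


# Constructed sample data.
VNET_A, VNET_B = "10.1.0.0/16", "10.2.0.0/16"
NO_CUSTOM_RULES = []
DENY_8080 = [NsgRule("Deny-TCP-8080-between-VNets", 100, "Inbound", "Deny",
                     "Tcp", "VirtualNetwork", "VirtualNetwork", "8080")]
# A lower priority number wins: this allow rule shadows the deny rule.
SHADOWED = [NsgRule("Allow-app-8080", 90, "Inbound", "Allow", "Tcp", "*", "*", "8080")] + DENY_8080


if __name__ == "__main__":
    for label, rules in [("no custom rules", NO_CUSTOM_RULES),
                         ("deny rule present", DENY_8080),
                         ("deny shadowed by allow", SHADOWED)]:
        print(f"{label}: TCP 8080 denied = {tcp_8080_denied(rules, VNET_A, VNET_B)}")
```

A fresh NSG with no custom rules lands on the AllowVnetInBound default, so VNet-to-VNet port 8080 is allowed; only a deny rule that the NSG actually contains, and that no higher-priority allow shadows, changes that result.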