Automatically Blocking TCP Port 8080 Between Virtual Networks
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.B
No, creating a resource lock and assigning it to the subscription does not meet the stated goal of automatically blocking TCP port 8080 between the virtual networks when an NSG is created.
A resource lock is a setting that can be applied to prevent other users in your organization from accidentally deleting or modifying critical Azure resources. It does not have any direct impact on the network traffic or security settings of the virtual networks.
To achieve the desired outcome of automatically blocking TCP port 8080 between the virtual networks when an NSG is created, you can use Azure Firewall to create a network rule that blocks traffic on that port between the specified virtual networks.
To do this, you can follow these steps:
- Create an Azure Firewall resource and associate it with a subnet in a virtual network.
- Create a network rule that blocks traffic on TCP port 8080 between the desired virtual networks.
- Ensure that the virtual networks have a user-defined route to send traffic to the Azure Firewall for inspection and enforcement.
- When the other administrator creates a new NSG, ensure that they do not create any conflicting rules that allow traffic on TCP port 8080 between the virtual networks.
Alternatively, you could also create a PowerShell script or Azure Resource Manager template that automates the process of creating the Azure Firewall and network rules for the desired virtual networks. This would allow for consistent and repeatable deployment of the network security configuration.
