Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You create a resource lock, and then you assign the lock to the subscription.
Does this meet the goal?
A.
B.

Answer: B
How can I freeze or lock my production/critical Azure resources from accidental deletion? There is a way to do this with both ASM and ARM resources using Azure resource lock.
https://blogs.msdn.microsoft.com/azureedu/2016/04/27/using-azure-resource-manager-policy-and-azure-lock-to-control-your-azure-resources/

No, the provided solution does not meet the stated goal of automatically blocking TCP port 8080 between the virtual networks when an NSG is created.
Resource locks are a way to prevent accidental deletion or modification of Azure resources, but they do not provide any network security functionality. Assigning a resource lock to the subscription will not automatically block TCP port 8080 between the virtual networks when an NSG is created.
To meet the stated goal, you can use Azure Firewall to create network rules that block traffic between the virtual networks on TCP port 8080. You can then associate the Azure Firewall with the virtual networks. When an NSG is created, it will automatically inherit the rules configured in the Azure Firewall.
Alternatively, you can use Azure Network Watcher to create network security groups with predefined rules that block TCP port 8080 between the virtual networks. You can then associate these NSGs with the virtual networks. When a new NSG is created, it will automatically inherit the predefined rules.
In summary, the provided solution does not meet the stated goal, and a different approach such as using Azure Firewall or Azure Network Watcher is required to automatically block TCP port 8080 between the virtual networks when an NSG is created.