Using Azure Information Protection for Secure Deployment

A

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.

You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

The correct answer is A, a network security group (NSG).

Explanation:

A network security group (NSG) is an Azure resource that acts as a firewall for controlling traffic in and out of virtual machines and subnets. It can be used to filter network traffic based on port, protocol, and source/destination IP address ranges.

In this scenario, to control the ports that devices on the Internet can use to access the virtual machines, you would need to create an NSG rule that allows traffic on the specific port(s) you want to use. By default, all incoming traffic is blocked, so you must create rules to allow traffic to the virtual machines.

An Azure Active Directory (Azure AD) role is used to grant permissions to manage Azure resources, not to control network traffic. An Azure Active Directory group is used to manage access to Azure resources and to assign roles to users or groups, but again, not to control network traffic. An Azure key vault is used to store and manage cryptographic keys, secrets, and certificates. It is not related to controlling network traffic.

Therefore, the correct option to use in this scenario is A, a network security group (NSG).