Azure Virtual Machine Port Access Control | Microsoft Azure Fundamentals Exam

Control Access to Azure Virtual Machines


Question

You plan to deploy several Azure virtual machines.

You need to control the ports that devices on the Internet can use to access the virtual machines.

What should you use?

Answers

Explanations


A. B. C. D.

A

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.

You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

The correct answer is A. a network security group (NSG).

Explanation: When deploying Azure virtual machines (VMs), it is important to secure them against unauthorized access. One way to do this is to control the ports that devices on the Internet can use to access the VMs. This can be achieved by using a network security group (NSG).

A network security group is a security feature in Azure that acts as a firewall for virtual machines. It enables you to control inbound and outbound traffic to a virtual machine by allowing or denying traffic based on the port number, source IP address, destination IP address, and protocol.

By using an NSG, you can create rules to allow or deny traffic to specific ports. For example, you can create a rule that allows traffic on port 80 for a web server, while denying traffic on all other ports. This ensures that only authorized traffic is allowed to access the virtual machine.
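The port 80 case above can be checked with a small model of how an NSG evaluates inbound rules. This is an added example, not Microsoft's code or part of the original explanation: it assumes rules are matched in priority order (lowest number first) with Azure's built-in `DenyAllInBound` rule at priority 65500 as the catch-all, and the rule names, the `Rule` class and the sample addresses are constructed. Destination address and service tags are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR prefix or "*" (service tags are not modelled)
    port_low: int
    port_high: int
    access: str        # "Allow" or "Deny"

# Azure's built-in inbound catch-all. The default Allow rules for
# VirtualNetwork and AzureLoadBalancer traffic are left out because this
# model only looks at traffic arriving from Internet addresses.
DENY_ALL_INBOUND = Rule("DenyAllInBound", 65500, "*", "*", 0, 65535, "Deny")

def evaluate(rules, protocol, src_ip, dst_port):
    """Return (access, rule name) for the first matching rule in priority order."""
    src = ipaddress.ip_address(src_ip)
    for r in sorted(list(rules) + [DENY_ALL_INBOUND], key=lambda r: r.priority):
        if r.protocol not in ("*", protocol):
            continue
        if r.source != "*" and src not in ipaddress.ip_network(r.source):
            continue
        if r.port_low <= dst_port <= r.port_high:
            return r.access, r.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# Constructed rule set for the web server case: HTTP open to any source,
# SSH only from one admin range (203.0.113.0/24 is a documentation prefix).
WEB_NSG = [
    Rule("AllowHttp", 100, "Tcp", "*", 80, 80, "Allow"),
    Rule("AllowSshFromAdmin", 110, "Tcp", "203.0.113.0/24", 22, 22, "Allow"),
]

def internet_exposed_ports(rules, candidates=(22, 80, 443, 3389)):
    """Ports an arbitrary Internet host (constructed: 198.51.100.7) can reach."""
    return [p for p in candidates
            if evaluate(rules, "Tcp", "198.51.100.7", p)[0] == "Allow"]

if __name__ == "__main__":
    print(internet_exposed_ports(WEB_NSG))
```

Running `internet_exposed_ports` over an exported rule set is a quick audit for management ports such as 22 or 3389 that are reachable from any source.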

Azure Active Directory (Azure AD) is a cloud-based identity and access management service that helps secure access to applications and resources. It is not used for controlling traffic to virtual machines.

Azure AD roles and groups are used for managing access to Azure resources, such as virtual machines, but do not provide the ability to control traffic to the virtual machines.

Azure Key Vault is a cloud-based service that helps safeguard cryptographic keys and secrets used by applications and services. It is not used for controlling traffic to virtual machines.

Therefore, the correct answer is A. a network security group (NSG).