Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
What are two possible solutions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Click on the arrows to vote for the correct answer
A. B. C. D.B
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).
https://docs.microsoft.com/en-us/azure/virtual-network/security-overviewThe correct answers for this scenario are B. Modify a network security group (NSG) and D. Modify an Azure firewall.
Explanation: To make the virtual machine accessible from the internet over HTTP, we need to allow inbound traffic on port 80 (HTTP) through the Azure Network Security Group (NSG) and Azure Firewall.
Option A - Modify an Azure Traffic Manager profile: This option is not applicable in this scenario. Azure Traffic Manager is used for traffic routing and load balancing across multiple endpoints. It does not help in allowing inbound traffic on a specific port.
Option B - Modify a network security group (NSG): This is the correct solution as NSG is a security feature in Azure that filters inbound and outbound traffic based on rules. By modifying the NSG, we can allow inbound traffic on port 80 to reach the virtual machine named VM1.
Option C - Modify a DDoS protection plan: This option is not applicable in this scenario. DDoS protection plan is used to mitigate and prevent DDoS attacks on Azure resources. It does not help in allowing inbound traffic on a specific port.
Option D - Modify an Azure firewall: This is another correct solution as Azure Firewall is a managed, cloud-based network security service that provides inbound and outbound traffic filtering. By modifying the Azure Firewall, we can allow inbound traffic on port 80 to reach the virtual machine named VM1.
In summary, the correct answers for this scenario are B. Modify a network security group (NSG) and D. Modify an Azure firewall.