Manage Azure Web App Settings
Question
Your company plans to move several servers to Azure.
The company's compliance policy states that a server named FinServer must be on a separate network segment.
You are evaluating which Azure services can be used to meet the compliance policy requirements.
Which Azure solution should you recommend?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.B
Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network.
The question states that FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to place the server in a different virtual network to the other servers.
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-armThe correct answer is B. a virtual network for FinServer and another virtual network for all the other servers.
Explanation:
To meet the company's compliance policy, the FinServer must be on a separate network segment. This can be achieved by creating separate virtual networks in Azure. A virtual network is an isolated network environment that allows resources to securely communicate with each other. Each virtual network is isolated from other virtual networks and can be connected to other virtual networks, on-premises networks, or the Internet.
Option A, creating separate resource groups for FinServer and other servers, does not provide network isolation. Resource groups are logical containers that hold related Azure resources, but they do not provide network segmentation.
Option C, using a VPN for FinServer and a virtual network gateway for each other server, is not the best solution because it is more complex and costly than necessary. VPNs are used to securely connect on-premises networks to virtual networks in Azure. Using a VPN for FinServer and a virtual network gateway for each other server would require multiple VPN connections and virtual network gateways, which can be expensive and difficult to manage.
Option D, creating one resource group for all the servers and using a resource lock for FinServer, does not provide network isolation. Resource locks are used to prevent accidental deletion or modification of Azure resources, but they do not provide network segmentation.
Therefore, the best solution to meet the company's compliance policy is to create separate virtual networks for FinServer and all the other servers in Azure. This ensures that FinServer is on a separate network segment, which satisfies the compliance policy.
