Secure Configuration for Azure Virtual Network - Exam AZ-301 | Microsoft Azure

Ensure Internet Isolation for Sensitive Data - AZ-301 Exam Preparation

Question

You use a virtual network to extend an on-premises IT environment into the cloud. The virtual network has two virtual machines (VMs) that store sensitive data.

The data must only be available using internal communication channels. Internet access to those VMs is not permitted.

You need to ensure that the VMs cannot access the Internet.

Which two options should you recommend? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answers

CD

Explanations

To ensure that the VMs cannot access the Internet, you should recommend the use of Network Security Groups (NSGs) and the VMs' network interfaces (NICs). Network Security Groups allow you to control the traffic that goes in and out of a virtual machine based on port, protocol, and source/destination IP address. You can use NSG rules to block all outbound traffic from the VMs to the Internet.

In addition to the NSG, you should also configure the NICs of the VMs to prevent them from accessing the Internet. You can do this by configuring the NICs without a public IP address so that they only use private IP addresses.

Here's a more detailed explanation of each option:

A. Network Interface (NIC): A NIC is a virtual network interface that connects a virtual machine to a virtual network in Azure. By default, a NIC is configured to allow outbound traffic to the Internet. To restrict outbound traffic, you can configure the NIC without a public IP address so that it only uses private IP addresses. This ensures that the VM can only communicate within the virtual network and not with the Internet.

B. Network Security Groups (NSG): An NSG is a security feature in Azure that allows you to control the inbound and outbound traffic to a virtual machine. You can create NSG rules that define the allowed inbound and outbound traffic based on port, protocol, and source/destination IP address. By creating NSG rules that block all outbound traffic from the VMs to the Internet, you can ensure that the VMs cannot access the Internet.

C. Azure ExpressRoute: Azure ExpressRoute is a dedicated private connection between an on-premises data center and Azure data centers. It provides a more reliable and predictable connection than a public Internet connection. However, ExpressRoute is not necessary for restricting outbound traffic from the VMs to the Internet.

D. Source Network Address Translation (SNAT): SNAT is a technique that allows multiple virtual machines to share a single public IP address for outbound Internet traffic. However, SNAT is not necessary for restricting outbound traffic from the VMs to the Internet. In fact, SNAT would have the opposite effect, as it would allow the VMs to access the Internet using a shared public IP address.
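To make the NSG option concrete, here is an added example (not part of the exam page or of Azure's own code) that models how an NSG evaluates outbound rules: lowest priority number first, first match wins, with Azure's built-in default outbound rules AllowVnetOutBound (65000), AllowInternetOutBound (65001) and DenyAllOutBound (65500) always present. The VNet range, the flows and the rule name DenyInternetOutBound are constructed for the example; it shows why an explicit Deny rule for the Internet service tag is needed to override the default allow while VNet-internal traffic keeps flowing.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed VNet address space for the example (assumption, not from the page).
VNET = ip_network("10.0.0.0/16")


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = evaluated first
    access: str        # "Allow" or "Deny"
    destination: str   # service tag "VirtualNetwork", "Internet", "*" or a CIDR
    dest_port: str = "*"


def dest_matches(rule, dst):
    addr = ip_address(dst)
    if rule.destination == "*":
        return True
    if rule.destination == "VirtualNetwork":
        return addr in VNET
    if rule.destination == "Internet":
        # Simplification: treat every address outside the VNet as Internet.
        return addr not in VNET
    return addr in ip_network(rule.destination)


def evaluate(rules, dst, port):
    """First match wins, in ascending priority order (how Azure processes NSG rules)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if dest_matches(rule, dst) and rule.dest_port in ("*", str(port)):
            return f"{rule.access}:{rule.name}"
    return "Deny:implicit"


# Azure's built-in default outbound rules; they cannot be deleted, only overridden.
DEFAULT_OUTBOUND = [
    Rule("AllowVnetOutBound", 65000, "Allow", "VirtualNetwork"),
    Rule("AllowInternetOutBound", 65001, "Allow", "Internet"),
    Rule("DenyAllOutBound", 65500, "Deny", "*"),
]

# Custom rule that answers the question: deny Internet egress from the VMs.
# Custom rules use priorities 100-4096, so they always precede AllowInternetOutBound.
DENY_INTERNET = Rule("DenyInternetOutBound", 100, "Deny", "Internet")


def outbound_decision(dst, port, custom=()):
    return evaluate(DEFAULT_OUTBOUND + list(custom), dst, port)


if __name__ == "__main__":
    print(outbound_decision("203.0.113.10", 443))                  # default NSG: allowed
    print(outbound_decision("203.0.113.10", 443, [DENY_INTERNET]))  # denied
    print(outbound_decision("10.0.1.5", 445, [DENY_INTERNET]))      # VNet traffic still allowed
```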