Each virtual machine uses a static IP address.
You need to create network security groups (NSGs) to meet following requirements:
✑ Allow web requests from the internet to VM3, VM4, VM5, and VM6.
✑ Allow all connections between VM1 and VM2.
✑ Allow Remote Desktop connections to VM1.
✑ Prevent all other network traffic to VNET1.
What is the minimum number of NSGs you should create?
- A. 1
- B. 3
- C. 4
- D. 12
Correct Answer: A
NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager). You can associate zero, or one, NSG(s) to each VNet subnet and NIC in a virtual machine. The same NSG can be associated to as many subnets and NICs as you choose.
So, you can create 1 NSG and associate it with all 3 Subnets.
– Allow web requests from internet to VM3, VM4, VM5 and VM 6: You need to add an inbound rule to allow Internet TCP 80 to VM3, VM4, VM5 and VM6 static IP addresses.
– Allow all connections between VM1 & VM2: You do not need an NSG as communication in the same VNet is allowed by default, without even configuring NSG.
– Allow remote desktop to VM1: You need to add an inbound rule to allow RDP 3389 in VM1’s static IP address .
– Prevent all other network traffic to VNET1: You do not need to configure any NSG as the there is explicit deny rule (DenyAllInbound) in every NSG.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules