AZ-400 – Question 121

0
91
SIMULATION –

You need to prepare a network security group (NSG) named az400-9940427-nsg1 to host an Azure DevOps pipeline agent. The solution must allow only the required outbound port for Azure DevOps and deny all other inbound and outbound access to the Internet.
To complete this task, sign in to the Microsoft Azure portal.

Correct Answer: See explanation below.

Here is what Azure DevOps Server is:

Developers can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure DevOps Server was formerly named Visual Studio Team Foundation Server (TFS).

https://docs.microsoft.com/en-us/azure/devops/user-guide/what-is-azure-devops?toc=%2Fazure%2Fdevops%2Fserver%2Ftoc.json&bc=%2Fazure%2Fdevops%2Fserver%2Fbreadcrumb%2Ftoc.json&view=azure-devops

But we’ve asked to deny everything else, one this is done we have to open for the RDP or SSH port to connect in order to install the agent.

So for me:
Inbound :
100 RDP/SSH 3389/22 Allow
110 0.0.0.0/0 * Deny
Outbound:
100 * 443 Allow

110 0.0.0.0/0 * Deny