After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
- A. Yes
- B. No
Q. 2: Solution: You delete the BlockAllOther443 inbound security rule. Does this meet the goal?
- A. Yes
- B. No
Q. 3: Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule. Does this meet the goal?
- A. Yes
- B. No
Q. 4: Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a priority of 64999. Does this meet the goal?
- A. Yes
- B. No
Q. 5: Solution: You create an inbound security rule that allows any traffic from the AzureLoadBalancer source and has a priority of 150. Does this meet the goal?
- A. Yes
- B. No
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
The rule with priority 200 blocks all inbound traffic, including the Azure Load Balancer health probe directed to the VM. As a result, VM2 is considered unhealthy and the load balancer does not route traffic to it, which is the cause of the issue. Adding a rule with priority 150 that allows the AzureLoadBalancer service tag lets the health probe through, so VM2 is detected as healthy and the load balancer directs traffic to it, which solves the problem.