15 Azure Cloud questions to verify that you understand Azure Network Security Groups
Azure Network Security Groups play a crucial role in fortifying your virtual network and enhancing the security of your cloud-based application. Evaluate your understanding of these key components now.
What are the default inbound rules for Azure Network Security Group?
Answer
AllowVNetInBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65000 | VirtualNetwork | 0-65535 | VirtualNetwork | 0-65535 | Any | Allow |
AllowAzureLoadBalancerInBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65001 | AzureLoadBalancer | 0-65535 | 0.0.0.0/0 | 0-65535 | Any | Allow |
DenyAllInbound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65500 | 0.0.0.0/0 | 0-65535 | 0.0.0.0/0 | 0-65535 | Any | Deny |
What are the default outbound rules for Azure Network Security Group?
Answer
AllowVnetOutBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65000 | VirtualNetwork | 0-65535 | VirtualNetwork | 0-65535 | Any | Allow |
AllowInternetOutBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65001 | 0.0.0.0/0 | 0-65535 | Internet | 0-65535 | Any | Allow |
DenyAllOutBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65500 | 0.0.0.0/0 | 0-65535 | 0.0.0.0/0 | 0-65535 | Any | Deny |
What are the settings that you need to set for each Azure Network Security Group (NSG) rule?
Answer
- Name
- Priority - 1 (highest) ... 65536 (lowest)
- Source
- Source ports
- Destination
- Destination ports
- Protocol
- Access - Allow/Deny
What are the protocol values that can be set for Azure Network Security Group (NSG) rule?
Answer
- Any
- TCP
- UDP
- ICMP
What are the Source and Destination values that we can set for Azure Network Security Group (NSG)?
Answer
- Any
- IP Address
- Service Tag
- Application security group
How many IP addresses can be defined in an Azure Network Security Group (NSG) rule?
Answer
Each rule can have Source and Destination fields defined.
You can put one or more IP addresses into each field. Either a comma-separated list of IPs or CIDR ranges can be provided.
Can you set multiple service tags or Application security groups (ASGs) to either Source or Destination of Azure Network Security Group (NSG)?
Answer
No, you can't.
Only one service tag or Application security group can be set in Source/Destination.
You configured an Azure NSG to allow an incoming traffic flow via port 443, but it doesn't seem to work correctly. How can you analyze and fix the issue?
Answer
You have deployed a VM with Windows OS to an Azure VNET. You want to connect to it, so you configure your NSG to allow port 3389 using the UDP protocol. Will the connection work?
Answer
How can you monitor source IPs of traffic that comes from on-premises network to basic internal load balancer in Azure?
Answer
- Add a network security group (NSG) and configure the security rules that allow the incoming traffic.
- Create an Azure Log Analytics Workspace.
- Configure Diagnostic settings to export logs and metrics to the Log Analytics Workspace.
What steps do you need to execute to enable NSG flow logging?
Answer
- Create a VM with a network security group
- Enable Network Watcher and register the Microsoft.Insights provider
- Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability
- Download logged data
- View logged data
How do you ensure that only connections from the Internet to VNET1\subnet0 are allowed over TCP port 1234?
Answer
- Configure NSG rule, set source to Internet, target to any.
- Assign the NSG to the subnet0
- Set the Destination port to 1234, Protocol to TCP
You have VMs in 3 subnets of the same Azure VNET. How many network security groups (NSGs) do you need in order to allow access from Internet to all the VMs?
Answer
What will happen with the approved JIT access request to Azure virtual machine (VM) if you delete the security rule in the network security group (NSG)?
Answer
The access request will be revoked.
The deleted NSG rule won't be recreated automatically.
What will you do to ensure that the NetworkSecurityGroupRuleCounter log is stored to Azure Storage account and kept for 30 days?
Answer
- Sign in to Azure Portal
- Find your Network Security Group
- Go to Diagnostic Settings
- Add diagnostic setting link
- Fill in Diagnostic settings name field
- In the Log section, select NetworkSecurityGroupRuleCounter
- In the Destination details section, select Archive to a storage account
- In the Storage account field, select the storage account
- In the Retention (days) field, enter 30
- Click the Save button