15 Azure Cloud questions to verify that you understand Azure Network Security Groups
Azure Network Security Groups are important for hardening your virtual network and increasing security of your cloud-hosted application. Check how well you understand them.
What are the default inbound rules for Azure Network Security Group?
Answer
AllowVNetInBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65000 | VirtualNetwork | 0-65535 | VirtualNetwork | 0-65535 | Any | Allow |
AllowAzureLoadBalancerInBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65001 | AzureLoadBalancer | 0-65535 | 0.0.0.0/0 | 0-65535 | Any | Allow |
DenyAllInbound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65500 | 0.0.0.0/0 | 0-65535 | 0.0.0.0/0 | 0-65535 | Any | Deny |
What are the default outbound rules for Azure Network Security Group?
Answer
AllowVnetOutBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65000 | VirtualNetwork | 0-65535 | VirtualNetwork | 0-65535 | Any | Allow |
AllowInternetOutBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65001 | 0.0.0.0/0 | 0-65535 | Internet | 0-65535 | Any | Allow |
DenyAllOutBound
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
65500 | 0.0.0.0/0 | 0-65535 | 0.0.0.0/0 | 0-65535 | Any | Deny |
What are the settings that you need to set for each Azure Network Security Group (NSG) rule?
Answer
- Name
- Priority - 1 (highest) ... 65536 (lowest)
- Source
- Source ports
- Destination
- Destination ports
- Protocol
- Access - Allow/Deny
What are the protocol values that can be set for Azure Network Security Group (NSG) rule?
Answer
- Any
- TCP
- UDP
- ICMP
What are the Source and Destination values that we can set for Azure Network Security Group (NSG)?
Answer
- Any
- IP Address
- Service Tag
- Application security group
How many IP addresses can be defined in an Azure Network Security Group (NSG) rule?
Answer
Each rule can have Source and Destination fields defined.
You can put one or more IP addresses into each field. Either a comma-separated list of IPs or CIDR ranges can be provided.
Can you set multiple service tags or Application security groups (ASGs) to either Source or Destination of Azure Network Security Group (NSG)?
Answer
No, you can't.
Only one service tag or Application security group can be set in Source/Destination.
You configured an Azure NSG to allow incoming traffic via port 443, but it doesn't seem to work correctly. How can you analyze and fix the issue?
Answer
You have deployed a VM with Windows OS to an Azure VNET. You want to connect to it, so you configure your NSG to allow port 3389 using the UDP protocol. Will the connection work?
Answer
How can you monitor the source IPs of traffic that comes from an on-premises network to a basic internal load balancer in Azure?
Answer
- Add a network security group (NSG) and configure the security rules that allow the incoming traffic.
- Create an Azure Log Analytics Workspace.
- Configure Diagnostic settings to export logs and metrics to the Log Analytics Workspace.
What steps do you need to execute to enable NSG flow logging?
Answer
- Create a VM with a network security group
- Enable Network Watcher and register the Microsoft.Insights provider
- Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability
- Download logged data
- View logged data
How do you ensure that only connections from the Internet to VNET1\subnet0 are allowed over TCP port 1234?
Answer
- Configure NSG rule, set source to Internet, target to any.
- Assign the NSG to the subnet0
- Set the Destination port to 1234, Protocol to TCP
You have VMs in 3 subnets of the same Azure VNET. How many network security groups (NSGs) do you need in order to allow access from Internet to all the VMs?
Answer
What will happen with the approved JIT access request to Azure virtual machine (VM) if you delete the security rule in the network security group (NSG)?
Answer
The access request will be revoked.
The deleted NSG rule won't be recreated automatically.
What will you do to ensure that the NetworkSecurityGroupRuleCounter log is stored to Azure Storage account and kept for 30 days?
Answer
- Sign in to Azure Portal
- Find your Network Security Group
- Go to Diagnostic Settings
- Add diagnostic setting link
- Fill in Diagnostic settings name field
- In the Log section, select NetworkSecurityGroupRuleCounter
- In the Destination details section, select Archive to a storage account
- In the Storage account field, select the storage account
- In the Retention (days) field, enter 30
- Click the Save button