You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between
the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the
subscription.
Does this meet the goal?
Answer: A
Explanation:
Resource policy definition used by Azure Policy enables you to establish conventions for
resources in your organization by describing when the policy is enforced and what effect to take.
By defining conventions, you can control costs and more easily manage your resources.
Reference:
https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
QUESTION 6
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual
machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?
Answer: C
Explanation:
The connection monitor capability monitors communication at a regular interval and informs you
of reachability, latency, and network topology changes between the VM and the endpoint
Incorrect Answers:
A: The IP flow verify capability enables you to specify a source and destination IPv4 address,
port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests
the communication and informs you if the connection succeeds or fails. If the connection fails, IP
flow verify tells you which security rule allowed or denied the communication, so that you can
resolve the problem.
B: The connection troubleshoot capability enables you to test a connection between a VM and
another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned
when using the connection monitor capability, but tests the connection at a point in time, rather
than monitoring it over time, as connection monitor does.
D: The NSG flow log capability allows you to log the source and destination IP address, port,
protocol, and whether traffic was allowed or denied by an NSG.
Reference:
