Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-104 Exam - Topic 9 Question 84 Discussion

Actual exam question for Microsoft's AZ-104 exam
Question #: 84
Topic #: 9
[All AZ-104 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.

Another administrator plans to create several network security groups (NSGs) in the subscription.

You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.

Solution: You configure a custom policy definition, and then you assign the policy to the subscription.

Does this meet the goal?

Show Suggested Answer Hide Answer
Suggested Answer: B

A custom policy definition is a way to define your own rules for using Azure resources. You can use custom policies to enforce compliance, security, cost management, or organization-specific requirements. However, a custom policy definition alone is not enough to meet the goal of automatically blocking TCP port 8080 between the virtual networks. You also need to create a policy assignment that applies the custom policy definition to the scope of the subscription. A policy assignment is the link between a policy definition and an Azure resource. Without a policy assignment, the custom policy definition will not take effect. Therefore, the solution does not meet the goal.


Tutorial: Create a custom policy definition

Create and manage policies to enforce compliance

by Kenneth at Oct 20, 2023, 10:25 PM

Limited Time Offer

25%

Off

Get Premium AZ-104 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Vallie
4 months ago
Yes, that’s how you manage security across resources!
upvoted 0 times
...
Kristel
4 months ago
Sounds right, but I’d double-check the NSG settings.
upvoted 0 times
...
Ula
4 months ago
Wait, can policies really block traffic between virtual networks?
upvoted 0 times
...
Margart
5 months ago
Totally agree, this should work!
upvoted 0 times
...
Barabara
5 months ago
Custom policy definitions can enforce rules like that.
upvoted 0 times
...
Shantay
5 months ago
I believe the custom policy should meet the goal, but I wonder if there are any limitations on how it applies across different resource groups.
upvoted 0 times
...
Reiko
5 months ago
I’m a bit confused about how policies interact with NSGs. Does the policy really enforce the rules on existing NSGs too?
upvoted 0 times
...
Coral
5 months ago
I remember a practice question about NSGs, and I feel like they need to be explicitly configured to block specific ports.
upvoted 0 times
...
Merilyn
5 months ago
I think creating a custom policy definition could work, but I'm not entirely sure if it automatically applies to all new NSGs.
upvoted 0 times
...
Emeline
5 months ago
Okay, I think I've got a good strategy for this. I'll start by reviewing the details of the question and the provided solution. Then, I'll consider any alternative approaches that might also meet the goal. Finally, I'll select the answer that I believe is the most appropriate.
upvoted 0 times
...
Krissy
5 months ago
Hmm, this seems like a tricky one. I'll need to review the Azure policy documentation to make sure I fully understand how to create and assign custom policy definitions. I don't want to risk getting this wrong.
upvoted 0 times
...
Gaynell
5 months ago
I'm a bit unsure about this one. The question mentions that there might be more than one correct solution, so I'll need to carefully consider all the options before selecting my answer.
upvoted 0 times
...
Tora
6 months ago
I think this is a straightforward question. Configuring a custom policy definition and assigning it to the subscription seems like a reasonable approach to meet the goal of automatically blocking TCP port 8080 between the virtual networks.
upvoted 0 times
...
Dalene
6 months ago
This seems straightforward to me. The background process should be able to run without stopping the foreground process, so I'll choose option D.
upvoted 0 times
...
Tatum
6 months ago
I'm not sure about this one. I'll have to review my notes on security protocols and individual rights.
upvoted 0 times
...
Bulah
2 years ago
Ha, this question reminds me of that time I spent a whole week trying to find a workaround for a problem that had a much simpler solution. Always gotta think outside the box, but not too far outside, you know?
upvoted 0 times
...
Jamal
2 years ago
I agree with you both. The question is asking about a specific solution, but it doesn't seem like the most straightforward or effective way to achieve the goal. I'd be curious to see if there are any other options we should consider.
upvoted 0 times
...
Nohemi
2 years ago
You make a good point. Applying a policy to the entire subscription seems like overkill when we could just create an NSG with the appropriate rules. It would be more efficient and easier to manage.
upvoted 0 times
...
Truman
2 years ago
Hmm, this is an interesting question. I'm not sure if configuring a custom policy definition would be the best solution here. Shouldn't we be able to create a network security group that blocks TCP port 8080 between the virtual networks directly, rather than relying on a custom policy?
upvoted 0 times
...
Noushu
2 years ago
Answer is A
upvoted 1 times
...

Save Cancel