Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-400 Exam - Topic 1 Question 106 Discussion

Actual exam question for Microsoft's AZ-400 exam
Question #: 106
Topic #: 1
[All AZ-400 Questions]

SIMULATION

Task 7

You need to prepare a network security group (NSG) named az400 38443478 nsgl to host an Azure DevOps pipeline agent. The solution must allow only the required outbound port for Azure DevOps and deny all other inbound and outbound access to the Internet

Show Suggested Answer Hide Answer
Suggested Answer: A

To prepare a Network Security Group (NSG) named az400-38443478-nsg1 for hosting an Azure DevOps pipeline agent, while allowing only the required outbound port for Azure DevOps and denying all other inbound and outbound access to the Internet, follow these steps:

Create the NSG:

Navigate to the Azure Portal.

Go to Network Security Groups and click on + Create.

Fill in the details, including the name az400-38443478-nsg1, and create the NSG.

Configure Outbound Security Rules:

Once the NSG is created, go to its settings.

Navigate to Outbound security rules.

Click on + Add to create a new rule.

Set the Destination port ranges to 443, which is the required port for Azure DevOps12.

Set the Protocol to TCP.

Set the Action to Allow.

Assign a Priority number (e.g., 100) that does not conflict with existing rules.

Provide a meaningful Name for the rule (e.g., AllowAzureDevOps).

Configure Default Rules to Deny All Other Traffic:

In the same Outbound security rules section, edit the default rule to deny all traffic.

Change the Action to Deny for the rule with the lowest priority (highest number).

Ensure that this rule applies to all protocols, source and destination IP ranges, and port ranges.

Associate the NSG with the Appropriate Resource:

Associate the NSG with the subnet or network interface of the virtual machine or resource where the Azure DevOps pipeline agent will be hosted.

By following these steps, you will ensure that the Azure DevOps pipeline agent can communicate with Azure DevOps services over the required port while blocking all other inbound and outbound Internet access, adhering to the principle of least privilege and security best practices.


by Hortencia at Sep 14, 2024, 08:29 PM

Limited Time Offer

25%

Off

Get Premium AZ-400 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Anjelica
4 months ago
This is a bit overkill, isn't it?
upvoted 0 times
...
Elroy
4 months ago
Sounds right, but what about updates?
upvoted 0 times
...
Shaquana
4 months ago
Wait, are we really blocking all other ports?
upvoted 0 times
...
Jade
4 months ago
Totally agree, security first!
upvoted 0 times
...
Theron
5 months ago
You need to allow port 443 for Azure DevOps.
upvoted 0 times
...
Malcom
5 months ago
I think the key is to ensure that only the necessary outbound port is open, but I’m not clear on how to set the deny rules correctly.
upvoted 0 times
...
Elena
5 months ago
I feel like I studied this recently, but I’m confused about whether we need to specify any additional ports for Azure DevOps.
upvoted 0 times
...
Merilyn
5 months ago
This reminds me of a practice question where we had to configure NSGs for a web app. I remember we had to deny all by default, but I can't recall the exact commands.
upvoted 0 times
...
Broderick
5 months ago
I think we need to allow outbound traffic on port 443 for Azure DevOps, but I'm not entirely sure about the inbound rules.
upvoted 0 times
...
Mauricio
5 months ago
Hmm, I'm a little unsure about the specific port requirements for Azure DevOps. I'll need to research that before I can confidently configure the NSG. But the overall task of creating an NSG and managing inbound/outbound rules seems manageable.
upvoted 0 times
...
Britt
5 months ago
This seems pretty straightforward. I'll start by creating the NSG with the required name, then add a rule to allow the necessary outbound port for Azure DevOps. After that, I'll add a rule to deny all other inbound and outbound traffic. Should be a quick one to knock out.
upvoted 0 times
...
Oliva
5 months ago
Okay, so I need to create an NSG named az400 38443478 nsgl that will host an Azure DevOps pipeline agent. The key is to only allow the required outbound port for Azure DevOps and deny all other inbound and outbound access to the Internet. Sounds doable, but I'll need to double-check the specific port requirements.
upvoted 0 times
...
Myong
6 months ago
Hmm, this looks like a straightforward network security group configuration task. I'll need to make sure I understand the requirements clearly before jumping in.
upvoted 0 times
...
Hobert
6 months ago
Hmm, I'm a bit confused by this question. Destroying all proprietary information doesn't seem like a good solution - we need to protect it, not get rid of it. I'll have to think this through carefully.
upvoted 0 times
...
Corinne
1 year ago
Wait, we're actually supposed to secure the pipeline agent? I thought it was just for coffee breaks.
upvoted 0 times
Lenita
1 year ago
It's important to only allow the necessary outbound port for Azure DevOps and restrict other access.
upvoted 0 times
...
Mi
1 year ago
The solution involves creating a network security group to control the traffic flow.
upvoted 0 times
...
Haydee
1 year ago
Yes, we need to secure the pipeline agent to prevent unauthorized access.
upvoted 0 times
...
...
Barney
1 year ago
Easy peasy, this is exactly what I would have done. Gotta love those restrictive NSGs!
upvoted 0 times
...
Cecil
1 year ago
Looks good! Keeping that internet access locked down is key for security.
upvoted 0 times
Hildegarde
1 year ago
Kaitlyn: Absolutely, limiting outbound ports is crucial to prevent unauthorized access.
upvoted 0 times
...
Kaitlyn
1 year ago
Definitely, we have to make sure we only allow what's necessary for Azure DevOps.
upvoted 0 times
...
Nada
1 year ago
I agree, security is so important when setting up network access.
upvoted 0 times
...
...
Milly
1 year ago
Do you have any ideas on how to achieve the required configuration?
upvoted 0 times
...
Antonio
1 year ago
I agree, setting up network security groups can be tricky.
upvoted 0 times
...
Milly
1 year ago
I think this task is challenging.
upvoted 0 times
...

Save Cancel