Home › Azure AZ-500 › cloudcomputing › az500networking › Which Azure networking primitive should a securi…
Which Azure networking primitive should a security engineer use to allow/deny inbound + outbound TCP/UDP traffic to NICs or subnets at the L3/L4 layer?
AAzure Bastion
BNetwork Security Groups (NSGs)
CAzure Cache for Redis
DAzure DNS
Answer & Solution
Correct answer: B. Network Security Groups (NSGs)
NSGs are Azure's L3/L4 stateful packet-filter (per AZ-500 §2 NSGs). The others aren't ACLs.
Related questions
Which Azure Virtual Network feature should a security engineer use to define custom routinWhich Azure tool should a security engineer use to capture and analyse VNet traffic flows Which Microsoft Defender for Cloud feature lets a security engineer OPEN management ports Which Azure service lets a security engineer SSH or RDP into a VM through the Azure portalWhich Azure networking feature should a security engineer use to give an Azure storage accWhich Azure networking feature should a security engineer use to give a VM-hosted workloadWhich Azure DDoS protection tier should a security engineer recommend for an internet-faciWhich Azure global edge service should a security engineer use to protect a globally-distr