Answer-first summary for fast verification
Answer: Azure Network Security Groups (NSGs) for defining inbound and outbound traffic rules, which is a cost-effective solution that allows for granular control over traffic to and from VMs., Both Azure Network Security Groups (NSGs) and Azure Firewall, which together provide comprehensive traffic filtering capabilities including IP-based access control and advanced threat protection.
Azure Network Security Groups (NSGs) are the most appropriate choice for this scenario because they allow for the definition of inbound and outbound traffic rules based on IP addresses, making them a cost-effective and scalable solution for restricting access to VMs. While Azure Firewall offers advanced features, it is not necessary for the basic requirement of IP-based access control unless additional security features are needed. Therefore, NSGs alone are sufficient for the given requirements, but if advanced threat protection is also a consideration, then combining NSGs with Azure Firewall (option E) would be the best approach.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
In a scenario where your organization requires strict control over access to a set of Azure virtual machines (VMs) to ensure they are only accessible from specific IP addresses, you need to select the most appropriate Azure networking feature. Additionally, the solution must be cost-effective and easily scalable to accommodate future growth. Considering these requirements, which Azure networking feature would you use to restrict access to these VMs, and why? Choose the best option from the following:
A
Azure Network Security Groups (NSGs) for defining inbound and outbound traffic rules, which is a cost-effective solution that allows for granular control over traffic to and from VMs.
B
Azure Virtual Network Peering for connecting multiple virtual networks, which enables resources in different virtual networks to communicate with each other but does not directly restrict access based on IP addresses.
C
Azure VPN Gateway for secure site-to-site connectivity, which provides encrypted connections between your on-premises network and Azure but is not the most efficient method for restricting access based on specific IP addresses.
D
Azure ExpressRoute for dedicated private network connectivity, which offers a private connection to Azure services but is more expensive and not specifically designed for IP-based access restriction to VMs.
E
Both Azure Network Security Groups (NSGs) and Azure Firewall, which together provide comprehensive traffic filtering capabilities including IP-based access control and advanced threat protection.