Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Subnet1 of an Azure virtual network is associated to an NSG that currently contains the default rules plus a custom inbound rule that allows TCP 443 from any source with priority 200. You must prevent the public IP address 203.0.113.7 from reaching resources in Subnet1 on port 443 while preserving HTTPS access for all other clients. Which change should you make to the NSG?

  • Modify the existing allow rule by changing the source to IP Addresses and specifying every public range except 203.0.113.7.

  • Change the existing allow rule to priority 100 and add a new deny-all rule for TCP 443 at priority 300.

  • Add a new inbound security rule with priority 300 that denies TCP 443 traffic from source IP address 203.0.113.7.

  • Add a new inbound security rule with priority 100 that denies TCP 443 traffic from source IP address 203.0.113.7.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot