Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage a three-tier solution in a single Azure virtual network. Ten VMs in the app subnet must reach ten VMs in the db subnet over TCP 1433. One NSG is associated with both subnets, and VM NICs receive new private IPs whenever the solution scales. You need the fewest, maintenance-free NSG rules that allow only the application tier to initiate the SQL traffic. What should you do?

  • Enable a Microsoft.Sql service endpoint on the app subnet and delete all existing NSG rules that block port 1433.

  • Deploy Azure Firewall, force-tunnel all subnet traffic through it, and create a firewall rule that permits TCP 1433 from the app subnet to the db subnet.

  • Create an NSG rule that allows TCP 1433 from the current private IP addresses of the application VMs to the database subnet.

  • Create two Application Security Groups, add the application VMs to one and the database VMs to the other, and add a single NSG rule that allows TCP 1433 from the application ASG to the database ASG.

Secure networking