Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Your Azure virtual network includes two subnets that host several Linux VMs acting as web servers. The number of web servers changes frequently as the solution scales. You need to allow inbound TCP ports 80 and 443 only to the web servers while keeping security-rule maintenance effort to a minimum. What should you configure?

  • Associate the web-server network interfaces with an Application Security Group and reference that ASG in a single NSG rule allowing TCP 80 and 443.

  • In the NSG, add inbound rules that allow TCP 80 and 443 from the VirtualNetwork service tag.

  • Create a user-defined route that sends 0.0.0.0/0 traffic to a network virtual appliance that filters ports 80 and 443.

  • Deploy Azure Firewall and configure individual DNAT rules for ports 80 and 443 to each web server.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot