Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Your company has 75 virtual networks spread across three Azure subscriptions. You must immediately block all outbound traffic to two public IP addresses that have been reported as command-and-control endpoints, while avoiding per-NSG changes. What should you do?

  • Add a user-defined route with next hop set to None for the two IP addresses in each subnet of every virtual network.

  • Associate the affected virtual machines with a new application security group and add a deny outbound rule to existing NSGs that references this group.

  • Create a security admin rule collection in Azure Virtual Network Manager, attach it to a network group that contains all virtual networks, and add a deny outbound rule for the two IP addresses.

  • Deploy a centralized Azure Firewall in a hub virtual network and add an outbound application rule that denies connections to the two IP addresses.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot