Ensure Azure VM1 Accessibility for HTTP: Two Possible Solutions

Virtual Machine Accessibility for HTTP: Solutions

Prev Question Next Question

Question

Your Azure environment contains multiple Azure virtual machines.

You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.

What are two possible solutions? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answers

A. Modify an Azure Traffic Manager profile

B. Modify a network security group (NSG)

C. Modify a DDoS protection plan

D. Modify an Azure firewall

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.

You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

The two possible solutions for making a virtual machine (VM1) accessible from the internet over HTTP in Azure are:

B. Modify a Network Security Group (NSG): An NSG is a security feature in Azure that controls the inbound and outbound traffic flow to a virtual machine. By default, incoming internet traffic is blocked on all Azure VMs, including VM1. Therefore, you need to create an inbound rule that allows incoming HTTP traffic on port 80 or port 443. You can modify the NSG by following these steps:

In the Azure portal, go to the VM1's resource group, and then click on the NSG.
Click on the "Inbound security rules" tab.
Click on the "+ Add" button to add a new rule.
Set the following parameters:
- Name: HTTP
- Protocol: TCP
- Port range: 80
- Source: Any or a specific IP address range if needed
- Action: Allow
- Priority: A number between 100 and 4096, where a lower number indicates higher priority.
Click on the "Add" button to save the rule. Once the NSG rule is added, VM1 will be accessible from the internet over HTTP.

D. Modify an Azure firewall: Azure Firewall is a cloud-based network security service that helps protect your Azure resources. You can create a firewall rule that allows incoming HTTP traffic on port 80 or port 443. You can modify the Azure firewall by following these steps:

In the Azure portal, go to the resource group where your firewall is deployed.
Click on the firewall resource, and then click on "Rules".
Click on the "+ Add" button to add a new rule.
Set the following parameters:
- Name: HTTP
- Protocol: TCP
- Port: 80
- Source address: Any or a specific IP address range if needed
- Destination address: VM1's public IP address
- Action: Allow
Click on the "Add" button to save the rule. Once the firewall rule is added, VM1 will be accessible from the internet over HTTP.

Note: Options A and C are not correct solutions as Azure Traffic Manager is used for traffic routing and DDoS protection plan is used for preventing distributed denial-of-service attacks, but not for making a VM accessible from the internet over HTTP.

Prev Question Next Question