Exam-Answer

Home / Microsoft / AZ-900 / Question 50

Prev Question
Next Question

Question 50

Your Azure environment contains multiple Azure virtual machines.

You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.

Solution: You modify a DDoS protection plan.

Does this meet the goal?

Answers


Advertisement

Explanation (click to expand)

You open a port, or create an endpoint, to a virtual machine (VM) in Azure by creating a network filter on a subnet or a VM network interface. You place these filters, which control both inbound and outbound traffic, on a network security group attached to the resource that receives the traffic.

The example in this article demonstrates how to create a network filter that uses the standard TCP port 80 (it's assumed you've already started the appropriate services and opened any OS firewall rules on the VM).

After you've created a VM that's configured to serve web requests on the standard TCP port 80, you can:

1. Create a network security group.

2. Create an inbound security rule allowing traffic and assign values to the following settings:

a. Destination port ranges: 80.

b. Source port ranges: * (allows any source port).

c. Priority value: Enter a value that is less than 65,500 and higher in priority than the default catch-all deny inbound rule.

Associate the network security group with the VM network interface or subnet.

References (click to expand)

Prev Question
Next Question

Load more