0
0
Azurecloud~20 mins

Network Security Groups (NSG) in Azure - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
NSG Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
How does NSG rule priority affect traffic filtering?

You have two NSG rules: Rule A with priority 100 allowing inbound HTTP (port 80), and Rule B with priority 200 denying all inbound traffic. What happens to inbound HTTP traffic?

AInbound HTTP traffic is allowed only if it matches Rule B.
BInbound HTTP traffic is denied because Rule B denies all inbound traffic.
CInbound HTTP traffic is denied because NSG rules are evaluated randomly.
DInbound HTTP traffic is allowed because Rule A has higher priority (lower number).
Attempts:
2 left
💡 Hint

Remember, NSG rules are processed in order of priority from lowest number to highest.

Architecture
intermediate
2:00remaining
Where should you apply NSGs for best security in a multi-tier Azure app?

You have a web tier, app tier, and database tier in separate subnets. Which NSG application strategy best limits unwanted traffic?

AApply NSGs on all subnets to control traffic between tiers and from internet.
BApply NSGs only on the web tier subnet to filter inbound internet traffic.
CApply NSGs only on the database subnet to block all traffic except app tier.
DDo not use NSGs; rely on Azure Firewall instead.
Attempts:
2 left
💡 Hint

Think about controlling traffic flow between each tier and from outside.

Configuration
advanced
2:00remaining
What is the effect of this NSG rule configuration snippet?

Given this NSG rule JSON snippet, what is the effect on inbound traffic?

Azure
{
  "name": "Deny-SSH",
  "properties": {
    "priority": 300,
    "direction": "Inbound",
    "access": "Deny",
    "protocol": "Tcp",
    "sourcePortRange": "*",
    "destinationPortRange": "22",
    "sourceAddressPrefix": "*",
    "destinationAddressPrefix": "*"
  }
}
ABlocks inbound SSH traffic only from specific IP addresses.
BAllows all inbound SSH traffic because access is Deny but priority is high.
CBlocks all inbound SSH (port 22) traffic from any source.
DBlocks outbound SSH traffic on port 22.
Attempts:
2 left
💡 Hint

Check the direction, port, and access fields carefully.

security
advanced
2:00remaining
What happens if you have conflicting NSG rules with the same priority?

You create two NSG rules with priority 100: one allows inbound HTTP, the other denies inbound HTTP. What is the outcome?

AThe deny rule takes precedence and blocks HTTP traffic.
BAzure NSG rejects the configuration; you cannot have duplicate priorities.
CThe allow rule takes precedence and allows HTTP traffic.
DTraffic is randomly allowed or denied due to conflict.
Attempts:
2 left
💡 Hint

Check Azure NSG rules priority requirements.

🧠 Conceptual
expert
2:00remaining
How does NSG flow logs help in troubleshooting network issues?

Which statement best describes the role of NSG flow logs in Azure?

AThey log allowed and denied traffic flows through NSGs, helping identify blocked or allowed connections.
BThey provide detailed packet captures of all network traffic for deep inspection.
CThey automatically fix misconfigured NSG rules by suggesting corrections.
DThey replace NSGs by providing firewall capabilities.
Attempts:
2 left
💡 Hint

Think about what logs usually record about network traffic.