0
0
Azurecloud~10 mins

Network Security Groups (NSG) in Azure - Interactive Code Practice

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to create a Network Security Group (NSG) resource in Azure.

Azure
resource "azurerm_network_security_group" "example" {
  name                = "example-nsg"
  location            = "eastus"
  resource_group_name = "example-rg"
  [1] = {}
}
Drag options to blanks, or click blank then click option'
Asecurity_rule
Bsubnet_id
Ctags
Dip_configuration
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'security_rule' directly without defining rules.
Confusing 'subnet_id' which is not a property of NSG resource itself.
2fill in blank
medium

Complete the code to define an inbound security rule allowing HTTP traffic on port 80.

Azure
resource "azurerm_network_security_group" "example" {
  name                = "example-nsg"
  location            = "eastus"
  resource_group_name = "example-rg"

  security_rule {
    name                       = "Allow-HTTP"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "[1]"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}
Drag options to blanks, or click blank then click option'
Aicmp
Budp
C*
Dtcp
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'udp' which is for different types of traffic.
Using '*' which allows all protocols, not just HTTP.
3fill in blank
hard

Fix the error in the security rule to correctly block SSH traffic on port 22.

Azure
security_rule {
  name                       = "Deny-SSH"
  priority                   = 200
  direction                  = "Inbound"
  access                     = "[1]"
  protocol                   = "Tcp"
  source_port_range          = "*"
  destination_port_range     = "22"
  source_address_prefix      = "*"
  destination_address_prefix = "*"
}
Drag options to blanks, or click blank then click option'
AReject
BDeny
CBlock
DAllow
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'Allow' which permits traffic instead of blocking.
Using 'Block' or 'Reject' which are not valid access values.
4fill in blank
hard

Fill both blanks to create a security rule that allows inbound HTTPS traffic on port 443 from a specific IP range.

Azure
security_rule {
  name                       = "Allow-HTTPS"
  priority                   = 150
  direction                  = "Inbound"
  access                     = "[1]"
  protocol                   = "[2]"
  source_port_range          = "*"
  destination_port_range     = "443"
  source_address_prefix      = "192.168.1.0/24"
  destination_address_prefix = "*"
}
Drag options to blanks, or click blank then click option'
AAllow
BDeny
Ctcp
Dudp
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'Deny' which blocks traffic.
Using 'udp' which is not the protocol for HTTPS.
5fill in blank
hard

Fill all three blanks to define a security rule that denies outbound traffic on all ports and protocols.

Azure
security_rule {
  name                       = "Deny-All-Outbound"
  priority                   = 300
  direction                  = "[1]"
  access                     = "[2]"
  protocol                   = "[3]"
  source_port_range          = "*"
  destination_port_range     = "*"
  source_address_prefix      = "*"
  destination_address_prefix = "*"
}
Drag options to blanks, or click blank then click option'
AInbound
BDeny
C*
DOutbound
Attempts:
3 left
💡 Hint
Common Mistakes
Setting direction to 'Inbound' instead of 'Outbound'.
Using 'Allow' instead of 'Deny' to block traffic.
Specifying a protocol instead of '*' to block all.