AZ-104 Configure network security groups

Which configuration is necessary for a network security group to deny all outbound traffic except traffic destined for a specified external IP address?. Set the source to the external IP address and action to deny. Allow outbound traffic from all ports and deny inbound traffic from the external IP address. Define a rule with the destination set to the external IP address and action set to allow, and another rule with destination set to Any and action set to deny.

What scenario best describes an appropriate use of network security groups in Azure?. When you need to manage user access to Azure Active Directory. When you need to configure virtual machine sizes and performance settings. When you need to restrict traffic flow to resources in your virtual network based on specific security rules.

In a scenario where you need to manage security for different workloads with minimal complexity, which Azure service would allow you to create logical groupings of virtual machines and apply security rules efficiently?. Application Security Groups. Azure Policy. Network Watcher.

In the context of Azure network security groups, what is the effect of assigning a network security group to both a subnet and a network interface?. The network interface rules override the subnet rules. Only the subnet rules are applied. Both rules are evaluated independently, and the most restrictive applies.

An IT administrator is having trouble with network traffic routing between virtual machines organized by workload. They need to ensure traffic is managed efficiently. What should they implement to address this issue?. Application Security Groups. Load Balancer. Azure Traffic Manager.

How does Azure handle conflicting inbound security rules in a network security group?. It averages the priorities and applies a combined rule. It randomly selects a rule to apply. It applies the rule with the lowest priority value.

What is the role of a demilitarized zone (DMZ) when using network security groups in Azure?. To eliminate the need for individual network security groups. To automate the application of security rules. To act as a buffer between internal resources and external traffic.

Which Azure feature allows the definition of security rules based on logical groupings of virtual machines by application workloads?. Application Security Groups. Azure Active Directory Groups. Network Security Groups.

Your organization has a hybrid cloud environment. When is it appropriate to implement network security groups in this setup?. To configure backup and disaster recovery solutions for Azure services. To control traffic flow between Azure virtual machines and on-premises resources. To manage identity and access for Azure Active Directory users.