Firewall PBQs: Designing and Implementing Microsoft Azure Networking Solutions (AZ-700)
easyQuestion 1 of 3
You are an Azure network engineer configuring NSG rules for Spoke A (10.2.0.0/24) in a hub-spoke topology. The spoke currently allows SSH from the entire internet. Per your organization's security baseline, SSH must only be allowed from the hub subnet (10.1.0.0/24) where the bastion host resides. HTTPS traffic from the internet must continue to be allowed. Review the inbound NSG rules and correct the SSH misconfiguration.
Firewall Rules
| # | Direction | Source | Port | Protocol | Action | Order | |
|---|---|---|---|---|---|---|---|
| 1 | inbound | any | 443 | tcp | allow | ||
| 2 | inbound | any | 22 | tcp | allow | ||
| 3 | inbound | any | any | any | deny |
Rules are evaluated top to bottom. Use ▲▼ to reorder.
Progress
0 of 3 rules correctEdit or add rules to configure the firewall, then mark complete
0 of 3 marked complete