FCP – Zero Trust Cloud Security Administrator 7.4 — Question 37
A Linux server has been deployed in the protected VNet. You need to create a list of control rules that allow or deny traffic that reaches the Linux server based on IP addresses and ports.
Which basic Azure networking feature could be configured for that purpose?
Answer options
- A. Virtual network peering for automatic traffic filtering
- B. User-defined routes (UDR)
- C. Access control list (ACL)
- D. Network security group (NSG)
Correct answer: D
Explanation
The correct answer is D, Network security group (NSG), as it is specifically designed to manage inbound and outbound traffic to network interfaces and subnets based on rules. Options A and B do not provide the necessary control for traffic filtering based on IPs and ports, and while C, Access control list (ACL), is related, it is not the primary feature used in Azure for this purpose.