Microsoft Azure Administrator — Question 18

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?

Answer options

• A. Yes
• B. No

Correct answer: A

Explanation

The correct answer is Yes because creating a custom policy definition that blocks TCP port 8080 between virtual networks will ensure that any new NSG adheres to this rule. The other option, No, is incorrect because it underestimates the effectiveness of Azure policy in enforcing security rules across the subscription's NSGs.