Microsoft Azure Architect Technologies (2020, legacy) — Question 95

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 contains 50 virtual machines. Twenty-five of the virtual machines are web servers and the other 25 are application servers.
You need to filter traffic between the web servers and the application servers by using application security groups.
Which additional resource should you provision?

Answer options

• A. Azure Firewall
• B. a user-defined route
• C. Azure Private Link
• D. a network security group (NSG)

Correct answer: D

Explanation

The correct option is D, a network security group (NSG), as it is specifically designed to filter network traffic to and from Azure resources. Azure Firewall, user-defined routes, and Azure Private Link do not directly facilitate traffic filtering between application security groups in the context described.