Microsoft Cybersecurity Architect — Question 56

You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant named contoso.com. Sub1 contains 20 virtual networks named Sub1_VNet1 through Sub1_VNet20.

You have an Azure subscription named Sub2 that is linked to a Microsoft Entra tenant named fabrikam.com. Sub2 contains 20 virtual networks named Sub2_VNet1 through Sub2_VNet20.

You need to deploy an Azure Virtual Network Manager solution that meets the following requirements:
• Blocks SSH traffic on Sub1_VNet20 and Sub2_VNet20 by using network security groups (NSGs)
• Blocks SSH traffic on Sub1_VNet1 through Sub1_VNet19 and Sub2_VNet1 through Sub2_VNet19
• Allows SSH traffic on Sub1_VNet20 and Sub2_VNet20
• Blocks FTP traffic on all the virtual networks
• Minimizes administrative effort

What is minimum number of components required for the deployment?

Answer options

• A. • 1 Virtual Network Manager instance • 1 rule collection • 2 NSGs
• B. • 2 Virtual Network Manager instances that each contains: o 1 NSG o 1 rule collection
• C. • 2 Virtual Network Manager instances that each contains: o 2 NSGs o 2 rule collections
• D. • 1 Virtual Network Manager instance • 2 rule collections • 2 NSGs

Correct answer: A

Explanation

The correct answer is A because it requires only one Virtual Network Manager instance, one rule collection to manage the rules, and two NSGs to handle the traffic blocking for SSH and FTP across the specified virtual networks. Options B and C have unnecessary additional instances and NSGs, which increase complexity and administrative effort, while option D includes an extra rule collection that is not needed, making it less efficient.