Microsoft Azure Architect Technologies (AZ-300) Practice Exam

What is the primary purpose of using a Network Security Group (NSG) in an Azure VNet?

• A. To manage load balancing across multiple VMs
• B. To control inbound and outbound traffic rules
• C. To monitor application performance metrics
• D. To optimize resource utilization

The correct answer is: To control inbound and outbound traffic rules

The primary purpose of using a Network Security Group (NSG) in an Azure Virtual Network (VNet) is to control inbound and outbound traffic rules. NSGs serve as a critical component for securing network traffic flowing to and from resources within a virtual network. By defining specific rules, an NSG can allow or deny traffic based on various criteria such as source IP addresses, destination IP addresses, ports, and protocols. This allows for fine-grained control over which traffic is permitted to reach virtual machines and other resources, helping to enhance the security posture of the Azure environment. For instance, an organization can configure an NSG to only permit HTTP and HTTPS traffic to a web server while blocking all other traffic. This capability is essential for protecting sensitive applications and data from unauthorized access and attacks. Other options presented do not accurately represent the primary function of an NSG. While load balancing among multiple VMs is important for distributing incoming network traffic, it is handled by Azure Load Balancer or Azure Application Gateway, not NSGs. Monitoring application performance metrics typically involves Azure Monitor or Application Insights which focus on the health and performance of applications rather than controlling network traffic. Finally, optimizing resource utilization pertains to efficiently using Azure resources, which is not a function of NS