Question: 1/50
You have an Azure virtual network (VNet) with two subnets: Web and App. You need to ensure that only HTTPS traffic from the Internet can reach the Web subnet and that the App subnet cannot be reached directly from the Internet. Which solution should you use?
Associate a network security group (NSG) to the Web subnet that allows inbound TCP 443 and denies other inbound Internet traffic; associate an NSG to the App subnet that denies inbound from Internet
Create a route table with a default route (0.0.0.0/0) to Virtual network and associate it to both subnets
Enable Azure DDoS Network Protection on the VNet and remove all NSGs
Deploy an Azure Firewall and add only an application rule allowing HTTPS to the Web subnet