AZ-104
The Silent Network Cut
It is Tuesday morning. Your application team reports that the API servers in the "backend" subnet (10.1.2.0/24) in VNet-Prod can no longer reach the database servers in the "data" subnet (10.1.3.0/24) in the same VNet. This worked perfectly yesterday. At the same time, a junior admin was implementing a new Network Security Group (NSG) policy to block all inbound internet traffic to the backend subnet — a legitimate security hardening task they completed at 11pm last night. The frontend web servers (10.1.1.0/24) can still reach the backend APIs with no problems.
STEP 1 OF 5 — FREE PREVIEW
NSGs have a specific rule evaluation order. Explain how NSG rules are processed and why a rule added to block inbound internet traffic could have accidentally also blocked intra-VNet traffic between subnets. What is the key default rule that governs VNet-internal traffic?
🔒
Steps 2–5 require purchase
One-time purchase — lifetime access to all 5 AZ-104 labs
Sign in to purchase