Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam

What is a key function provided by a Network Security Group (NSG) in Azure?

• A. Traffic analytics and monitoring
• B. Web application protection
• C. Filtering network traffic to and from Azure resources
• D. Managing user identities and permissions

The correct answer is: Filtering network traffic to and from Azure resources

A Network Security Group (NSG) is a critical component within Azure that is primarily used to manage and filter network traffic to and from various Azure resources. It incorporates a set of security rules that dictate which types of inbound and outbound traffic are allowed or denied based on factors such as source IP addresses, destination IP addresses, port numbers, and protocols. By employing NSGs, organizations can enforce security policies tailored to their specific needs, ensuring that only the intended traffic reaches their resources, thus bolstering the overall security posture of their cloud environment. Other functionalities like traffic analytics and monitoring, web application protection, and managing user identities and permissions are handled by different Azure services. Traffic analytics may be monitored through tools like Azure Monitor or Network Watcher; web application protection is typically provided by services such as Azure Application Gateway with its Web Application Firewall; and user identities and permissions are managed through Azure Active Directory. Thus, while all these functions are essential in the context of cloud security and management, filtering network traffic is the unique and primary function of NSGs.