I've a question about one 70-533 exam question, which is the correct one? I think that an Availability set is not used to make that configuration, what do you think?
You manage an application that has a front-end tier, a middle tier, and a back-end tier. Each tier is located on a different subnet.
You need to apply access to and between the tiers as follows:
Only the front-end tier must be able to access the Internet.
You must permit network access between the front-end tier and the middle tier.
You must permit network access between the middle tier and the back-end tier.
You must prevent all other network traffic.
You need to apply this configuration to all virtual machines inside the subnets.
What should you do?
A. Use a Network Security Group (NSG).
B. Add a VPN gateway.
C. Add a regional VNET.
D. Add an Availability Set.
Correct Answer: D >> what dump sais, but I think is A
It is A - the Availability Set is all about VM uptime and availability and has no security or networking components related to this scenario.
If you read the documentation: https://docs.microsoft.com/en-gb/azure/virtual-network/virtual-networks-nsg
"A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager). When an NSG is associated to a subnet, the rules apply to all resources connected to the subnet. Traffic can further be restricted by also associating an NSG to a VM or NIC."