Disable ads (and more) with a membership for a one time $4.99 payment
In a three-tier architecture, which security measure ensures that only the front-end VM is publicly accessible over HTTP?
Using Azure VPN
Utilizing a Network Security Group (NSG)
Creating a Virtual Private Network (VPN) gateway
Implementing Azure Firewall
The correct answer is: Utilizing a Network Security Group (NSG)
Utilizing a Network Security Group (NSG) is the correct choice because NSGs are a key component in managing network access to Azure resources. They allow you to apply inbound and outbound security rules to virtual network resources. In a three-tier architecture, the front-end VM usually needs to be accessible to users over the internet, often through HTTP or HTTPS. By configuring an NSG associated with the front-end VM, you can create rules that specifically allow traffic on the desired ports (like 80 for HTTP) only for that VM. The NSG acts as a virtual firewall that controls the flow of traffic to and from network interfaces (NIC), VMs, or subnets. As such, you can restrict access to backend services or databases from public access, ensuring that only the front-end VM facing the public internet is reachable, while the back-end tiers remain securely isolated. The other options, while related to network configuration and security, do not directly pertain to controlling public access to a specific VM in the context described. Azure VPN facilitates secure private connections to your Azure resources but doesn't restrict public access. A Virtual Private Network (VPN) gateway provides a secure connection over the internet but does not manage access rules for individual VMs. Azure Firewall offers