Can Network Security Groups (NSGs) deny inbound traffic from the internet?

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft SC-900 Exam. Master key concepts with targeted flashcards and multiple-choice questions, featuring hints and explanations. Get prepared and confident for success!

Network Security Groups (NSGs) are an essential component of Microsoft Azure's security framework, designed to control network traffic to and from Azure resources. The functionality of NSGs allows for the creation of rules that can permit or deny inbound and outbound traffic based on specific criteria such as source IP address, destination IP address, port number, and protocol.

When the question pertains to whether NSGs can deny inbound traffic from the internet, the correct response highlights an important feature of NSGs: they can indeed be configured to deny specific traffic, including that which originates from the internet. By default, an NSG allows all inbound traffic unless explicitly denied, enabling administrators to customize security posture according to their requirements. By defining rules, you can specify that traffic from the internet (with a source of 0.0.0.0/0) should be denied, effectively restricting external access to your resources.

The capability to deny specific types of traffic enhances security by allowing organizations to enforce strict access controls, ensuring that only legitimate and necessary traffic reaches Azure resources. Therefore, the answer accurately reflects the functionality of NSGs in managing and securing inbound traffic from the internet.