DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named
ContosoService1.
You discover unauthorized traffic to CON-CL1. You need to:
Create a rule to limit access to CON-CL1.
Ensure that the new rule has the highest precedence.Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or
value to the correct location in the Power Shell command. Each cmdlet or value may be used once, more
than once, or not at all. You may need to drag the split bat between panes or scroll to view content.
Answer: 
Explanation:
* Example 1
This example uses two commands:
The first command creates a new ACL object and stores it in a variable named $acl1.
The second command updates the ACL object with a rule that permits incoming network traffic only from
remote subnet 10.0.0.0/8.
Windows PowerShell
PS C:\\> $acl1 = New-AzureAclConfigC:\\PS> Set-AzureAclConfig –AddRule –ACL $acl1 –Order 100 –Action
permit –RemoteSubnet “10.0.0.0/8” –
*Parameter: -Order<Int32>Specifies the relative order in which this rule should be processed compared to the other rules applied to
the ACL object. The lowest order takes precedence.Set-AzureAclConfig
URL: http://msdn.microsoft.com/en-us/library/dn495192.aspx
Why wouldn’t this be “Deny”? You are limiting access, not granting.
0
0
The same goes for your answer. You want to limit not deny the traffic.
0
0
Found this that answers that question here:
https://blogs.technet.microsoft.com/canitpro/2013/10/28/step-by-step-setting-up-network-access-control-lists-acls-in-azure/
When a virtual machine is created, a default ACL is put in place to block all incoming traffic. However, if an endpoint is created for Remote Desktop for example(port 3389), then the default ACL is modified to allow all inbound traffic for that endpoint. Inbound traffic from any remote subnet is then allowed to that endpoint and no firewall provisioning is required. All other ports are blocked for inbound traffic unless endpoints are created for those ports. Outbound traffic is allowed by default.
No Endpoint has been created here, thus all is blocked by the default ACL..
0
0
-Order
Specifies the relative order in which this rule should be processed compared to the other rules applied to the
ACL object. The lowest order takes precedence. 0 is allowed.
0
0