Network Controls
- NSG: stateful L3/L4 filtering at subnet or NIC level; priority-ordered rules.
- ASG: group VMs logically for NSG rules without managing IP addresses.
- Azure Firewall: centralized, stateful with DNAT, network, and application rules.
- WAF: OWASP rule sets protecting web applications at Layer 7.
Private Connectivity
- Private Endpoint: private IP in your VNet for PaaS service access.
- Service Endpoint: routes traffic through Azure backbone but keeps public IP.
- Azure Bastion: secure RDP/SSH without public IP exposure.
- JIT VM Access: opens management ports temporarily with Defender for Cloud.
Practice Network Security Questions
Put your knowledge to the test with practice questions.