Microsoft Azure Architect Design (AZ-304) Practice Test

Which method can be used to analyze if packets are being allowed or denied to virtual machines within an Azure environment?

• A. Azure Traffic Analytics
• B. Azure Network Watcher
• C. Azure Monitor
• D. Application Insights

The correct answer is: Azure Network Watcher

Azure Network Watcher is the correct choice for analyzing whether packets are being allowed or denied to virtual machines within an Azure environment. Network Watcher provides a set of tools to monitor, diagnose, and gain insights into your network performance and health. One of its features, Network Security Group (NSG) flow logs, specifically allows you to review traffic flow and see which packets are allowed or denied by the security rules applied to your Network Security Groups. This is crucial for understanding network behavior and troubleshooting network issues. By capturing and analyzing NSG flow logs, you can effectively determine which traffic is being permitted or blocked by your NSG rules. Azure Traffic Analytics provides high-level insights regarding traffic patterns and network usage but does not provide packet-level analysis for specific virtual machines. Azure Monitor offers a broader observability solution including metrics and logs from various Azure resources but is not focused solely on packet analysis. Application Insights is primarily used for monitoring application performance and diagnosing performance issues; it is not geared toward network-level packet analysis. Thus, Azure Network Watcher is specifically designed for the task of examining packet flow and security rules, making it the most appropriate method for this scenario.