Free CompTIA CloudNetX CNX-001 Actual Exam Questions - Question 2 Discussion

I’d check the routing table too—maybe traffic to App A’s IP is getting misrouted or dropped before hitting the VM subnet. NSGs aren’t the only place where connectivity can break.

If workstations can reach Server B but not App A, NSG rules on the VM subnet might be blocking those

Agree, VM subnet NSG probably blocking App A’s ports, unlike Server B.

VM subnet NSG likely blocks required ports for Application A, unlike Server B’s open ports.

I think it’s worth checking the firewall settings on the VMs too. Even if NSGs look fine, a local firewall could still block Application A’s traffic while allowing Server B access.

I’d also focus on the NSGs since they’re critical for controlling subnet traffic. If workstations can reach Server B but not Application A on the VMs, it suggests maybe the inbound rules on the VM subnet NSG block the app’s ports. The firewall could be fine if Server B is reachable, so NSG rules are a more likely cause. Checking port allowances and source IP ranges in those NSGs should help narrow down what’s wrong. Option A doesn’t specify changes or checks, so it feels incomplete without that detailed NSG review.

I’d check the NSGs first since they control traffic flow between subnets and VMs. If workstations can reach Server B but not the app hosted on VMs, maybe there’s a missing inbound rule allowing those ports from the workstations’ subnet. Firewalls could be okay if Server B is accessible. So, focusing on NSG rules for the VM subnet might pinpoint the block.

Option A seems vague, might be a trap without more details.