ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-720 All Questions

View all questions & answers for the AZ-720 exam
Go to Exam

Exam AZ-720 topic 5 question 21 discussion

Actual exam question from Microsoft's AZ-720
Question #: 21
Topic #: 5
[All AZ-720 Questions]

A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.

The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.

You need to determine if ICMP connectivity to VM1 is allowed on FW1.

What should you do?

  • A. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
  • B. Use the ping command targeting the IP address of VM1 and review the command’s response.
  • C. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.
  • D. Use the ping command targeting the fully qualified domain name of VM1 and review the command’s response.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by terawatt at July 21, 2023, 3:26 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
terawatt
1 year, 11 months ago
Selected Answer: A
The Azure Firewall uses network rules to handle ICMP (Internet Control Message Protocol) traffic, as it's not application-based traffic. To verify if ICMP traffic is allowed to VM1, you should: A. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1. The network rules log of the Azure Firewall will show whether the ICMP packets are being allowed or blocked by FW1. Option B is not correct because the response of the ping command only tells you whether the ICMP request was successful or not. It does not indicate if the ICMP traffic is allowed through FW1 or not. Option C is not correct because there is no "Infrastructure rules log" in Azure Firewall. Option D is not correct because the FQDN is not used in ICMP traffic, ICMP operates on the network layer and uses IP addresses, not domain names. Also, similar to B, this will not indicate whether the ICMP traffic is being allowed or blocked by FW1.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel