ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 4 question 41 discussion

Actual exam question from Microsoft's AZ-700
Question #: 41
Topic #: 4
[All AZ-700 Questions]

HOTSPOT
-

You have an Azure subscription that contains an Azure Firewall policy named FWPolicy1.

You need to configure FWPolicy1 to meet the following requirements:

• Allow traffic based on the FQDN of the destination.
• Allow TCP traffic based on the source.

Which types of rules should you use for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by matanzpl at April 8, 2024, 1:25 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
matanzpl
Highly Voted 1 year, 3 months ago
1. App only - fqdn 2. Network or DNAT - tcp ports
upvoted 5 times
...
Sergovladi
Most Recent 5 months, 2 weeks ago
"Application" only because FQDN "Network" only because TCP based on source IP address
upvoted 1 times
Sergovladi
5 months, 2 weeks ago
note: DNAT is only for inbound-initiated connections like RDP from Internet to VNET
upvoted 1 times
xRiot007
3 months ago
Both TCP and DNAT are correct - it says "allow traffic" without specifying a direction
upvoted 1 times
...
...
...
AlainChk
1 year ago
If we set a DNAT rule (a public source towards a private destination), that also means the connection is allowed.
upvoted 2 times
...
CharlesS76
1 year, 1 month ago
Based on the documentation for Azure Firewall, filtering by protocol is done via a Network Rule, not DNAT. DNAT rules DNAT rules allow or deny inbound traffic through one or more firewall public IP addresses. You can use a DNAT rule when you want a public IP address to be translated into a private IP address. The Azure Firewall public IP addresses can be used to listen to inbound traffic from the Internet, filter the traffic and translate this traffic to internal resources in Azure. Network rules Network rules allow or deny inbound, outbound, and east-west traffic based on the network layer (L3) and transport layer (L4). You can use a network rule when you want to filter traffic based on IP addresses, any ports, and any protocols. https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets
upvoted 1 times
manny72
11 months, 1 week ago
DNAT rules can filter also protocols
upvoted 1 times
...
...
LieJ0n
1 year, 2 months ago
Seems correct. feels like a weird question though
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel