ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 3 question 26 discussion

Actual exam question from Microsoft's AZ-500
Question #: 26
Topic #: 3
[All AZ-500 Questions]

SIMULATION -
You need to deploy an Azure firewall to a virtual network named VNET3.
To complete this task, sign in to the Azure portal and modify the Azure resources.
This task might take several minutes to complete. You can perform other tasks while the task completes.

Show Suggested Answer Hide Answer
Suggested Answer: See the explanation below.
To add an Azure firewall to a VNET, the VNET must first be configured with a subnet named AzureFirewallSubnet (if it doesn't already exist).
Configure VNET3.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET3. Alternatively, browse to
Virtual Networks in the left navigation pane.
2. In the Overview section, note the Location (region) and Resource Group of the virtual network. We'll need these when we add the firewall.
3. Click on Subnets.
4. Click on + Subnet to add a new subnet.
5. Enter AzureFirewallSubnet in the Name box. The subnet must be named AzureFirewallSubnet.
6. Enter an appropriate IP range for the subnet in the Address range box.
7. Click the OK button to create the subnet.
Add the Azure Firewall.
1. In the settings of VNET3 click on Firewall.
2. Click the Click here to add a new firewall link.
3. The Resource group will default to the VNET3 resource group. Leave this default.
4. Enter a name for the firewall in the Name box.
5. In the Region box, select the same region as VNET3.
6. In the Public IP address box, select an available public IP address if one exists, or click Add new to add a new public IP address.
7. Click the Review + create button.
8. Review the settings and click the Create button to create the firewall.
Reference:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
by vishg at Nov. 7, 2020, 6:09 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 3 years, 5 months ago
If you get this question on the exam, make sure to go into VNET3's address space and add another one. If you don't, you will not be able to create the AzureFireWall subnet and you will not complete the Azure Firewall configuration.
upvoted 10 times
xRiot007
9 months, 2 weeks ago
Correct. Az Firewall needs its OWN subnet. There can be nothing else on it.
upvoted 1 times
...
...
Tombarc
Highly Voted 3 years, 3 months ago
I'm not sure if it makes any difference to the question, but it is recommended the AzureFirewallSubnet subnet has /26 size: https://docs.microsoft.com/en-us/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size https://docs.microsoft.com/en-us/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size
upvoted 6 times
...
mrt007
Most Recent 1 year, 1 month ago
Sign in to the Azure portal: Go to https://portal.azure.com and sign in with your Azure account credentials. Select “Create a resource”: On the left-hand menu, click on “+ Create a resource”. Search for “Firewall”: In the “Search the Marketplace” box, type “Firewall” and select “Firewall” from the dropdown menu. Create firewall: Click the “Create” button to start the Azure Firewall deployment process. Configure basic settings: Subscription: Select your Azure subscription. Resource group: Choose the resource group where VNET3 is located. Name: Enter a name for the firewall. Region: Choose the region where VNET3 is located. Configure networking settings: Virtual network: Select VNET3 from the dropdown menu. Public IP address: Create a new public IP address or use an existing one. Review + create: Review your settings and click “Create” to deploy the Azure Firewall to VNET3.
upvoted 2 times
...
Rhonwen
1 year, 1 month ago
My questions is, from the VNet, why can't the Firewall be added from the Firewall blade in Settings?
upvoted 1 times
...
Kelly8023
2 years, 7 months ago
Subnet name needs to be AzureFirewallManagementSubnet
upvoted 2 times
GenPatton
2 years, 4 months ago
AzureFirewallManagementSubnet = With forced tunneling AzureFirewallSubnet = Without forced tunneling Determined at creation of firewall - cannot be changed later.
upvoted 1 times
...
MaeseG
2 years, 6 months ago
Totally wrong my friend, as you can see in the URL ( https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet STEP 10 ) the name for the subnet MUST be AzureFirewallSubnet. Cheers.
upvoted 5 times
macka2005
2 years, 5 months ago
"Force tunneling requires this virtual network have a subnet named AzureFirewallManagementSubnet" in the Azure portal when tested today
upvoted 2 times
lt9898
1 year, 5 months ago
You will see this message if you've selected 'Basic' as the tier since forced tunnelling is mandated. If you select 'Standard' instead, that message will disappear and you return to requiring 'AzureFirewallSubnet'.
upvoted 1 times
...
...
...
...
Haq47
3 years, 4 months ago
Just did mine today. When you opened the subnet in vnet 3, you can already see an existing subnet.. i just deleted that and reused the same subnet with the new azurefirewallsubnet
upvoted 3 times
...
adamsca
3 years, 4 months ago
# Exam Question 12/10/2021
upvoted 4 times
...
vishg
4 years, 6 months ago
Also Required to add routing rule.
upvoted 3 times
Fred64
4 years, 1 month ago
yes but we don't have enough informations to define the route. What is the next hop?
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago