ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 4 question 2 discussion

Actual exam question from Microsoft's AZ-700
Question #: 2
Topic #: 4
[All AZ-700 Questions]

You have an Azure virtual network that contains the subnets shown in the following table.

You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall.
You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com.
What should you do?

  • A. In a firewall policy, create a DNAT rule.
  • B. Create a network security group (NSG) and associate the NSG to Subnet2.
  • C. In a firewall policy, create a network rule.
  • D. In a firewall policy, create an application rule.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Ivank23 at Nov. 4, 2021, 6:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
izidorf
Highly Voted 2 years, 6 months ago
Network rule is based on port Ivank23. Application rules are based in FQDN. The answer is correct, I suppose.
upvoted 33 times
Bbb78
1 year, 3 months ago
you can use FQDN in the network rules, network rules are processed before AppRules and if there is a DENY on the outbound traffic in the NETWORK rule - adding to the APPRule will not help
upvoted 1 times
xRiot007
1 month ago
" network rules are processed before AppRules and if there is a DENY on the outbound traffic in the NETWORK rule" - did the question mention any network rules? No. You know what means? They do not exist in this problem. Also, you should use a FQDN with an app rule.
upvoted 1 times
...
mammoot
1 year, 2 months ago
According to this, you can NOT use FQDN in a network rule https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets#network-rules
upvoted 4 times
...
...
...
Pravda
Highly Voted 2 years, 4 months ago
D - FQDN Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet. Network rules that define source address, protocol, destination port, and destination address.
upvoted 18 times
leotoronto123
2 years, 3 months ago
thanks!
upvoted 2 times
...
...
Lazylinux
Most Recent 7 months, 4 weeks ago
Selected Answer: D
Given answer is correct https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets
upvoted 2 times
...
tester2023
1 year, 3 months ago
DNAT - use a DNAT rule when you want a public IP address to be translated into a private IP address. Network - use a network rule when you want to filter traffic based on IP addresses, any ports, and any protocols Application - use an application rule when you want to filter traffic based on fully qualified domain names (FQDNs), URLs, and HTTP/HTTPS protocols https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets#rule-types
upvoted 4 times
...
wiki715
1 year, 4 months ago
Selected Answer: D
as explained here: https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets Application rules Application rules allow or deny outbound and east-west traffic based on the application layer (L7). You can use an application rule when you want to filter traffic based on fully qualified domain names (FQDNs), URLs, and HTTP/HTTPS protocols.
upvoted 1 times
...
Syldana
1 year, 6 months ago
Selected Answer: D
The requirement mentions the HTTP URL so it can only be done through FQDN application rules
upvoted 2 times
...
lobs_wort
1 year, 9 months ago
Selected Answer: D
In exam 22-July-2022.
upvoted 2 times
...
tartarus23
1 year, 10 months ago
D. In a firewall policy, create an application rule. The requirement mentions the HTTP URL so it can only be done through FQDN application rules
upvoted 1 times
...
Sixfun
1 year, 12 months ago
Selected Answer: D
It is correct answer.
upvoted 1 times
...
HTD
2 years ago
in order words allow https (ssl) traffic thru. APPID and also http .
upvoted 1 times
...
Kimimoto
2 years, 3 months ago
Appeared in exam on 11/Feb/2022
upvoted 1 times
...
Contactfornitish
2 years, 3 months ago
Appeared in exam on 17/01/2022
upvoted 1 times
...
aftab7500
2 years, 5 months ago
Correct: Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet. Network rules that define source address, protocol, destination port, and destination address.
upvoted 3 times
...
Ivank23
2 years, 6 months ago
Is this not supposed to be C. the network rule?
upvoted 1 times
Eitant
2 years, 4 months ago
No. A scenario, contoso.com changed the domain IP address. With networking rule you will have to modify the rules.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago