ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 4 question 33 discussion

Actual exam question from Microsoft's AZ-700
Question #: 33
Topic #: 4
[All AZ-700 Questions]

HOTSPOT
-

You have the Azure firewall shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by ironbornson at Sept. 21, 2023, 6:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Lazylinux
Highly Voted 1 year, 6 months ago
First given ans is incorrect, if forced Tunnelling is NOT enabled and FW already deployed then you cannot enable it, you WILL have to delete existing FW and deploy new one with forced tunnelling enabled Second ans is correct
upvoted 14 times
xRiot007
4 days, 4 hours ago
Right now, you can enable it after creation as well. so the first answer is correct.
upvoted 1 times
...
manhattan
3 months, 1 week ago
first answer is correct, you can modify the FT in an existing firewall now https://docs.azure.cn/en-us/firewall/management-nic#enable-the-management-nic-on-existing-firewalls
upvoted 2 times
bilzi
2 months, 2 weeks ago
WRONG! Only for basic firewall. The firewall in this question is standard, so you CAN NOT enable it. Just read what it says in the link you provided.....
upvoted 2 times
4d1c008
1 month ago
"For a pre-existing firewall, you must stop the firewall and then restart it with the Firewall Management NIC enabled to support Forced tunneling."
upvoted 1 times
...
4d1c008
1 month ago
Read a little more carefully. It says Basic comes enabled but standard and premium will have to be stopped and a management nic can be enabled. Its a new feature. There is a lot of arguing about this question so I would suggest everyone read the latest learn articles and make up their minds.
upvoted 1 times
...
...
...
Gambito11
4 months ago
https://www.examtopics.com/exams/microsoft/az-700/view/5/ question 6 (Topic 4) in this dump answer correct is: Cannot be enable and Is enable already
upvoted 2 times
...
Discussions22
1 year, 5 months ago
Hi, thanks you for explanation, still what about second answer, why it is correct?
upvoted 1 times
rjwolf82
1 year, 1 month ago
Because of the "Visit Azure Firewall Manager to manage and configure...." in the top. That means it's enabled.
upvoted 2 times
...
galahad
1 year, 1 month ago
The firewall has the private IP address assigned to it therefore you can manage it.
upvoted 2 times
morito
8 months, 4 weeks ago
Additionally, the firewall has a policy assigned which means its managed through the Azure Firewall Manager.
upvoted 1 times
...
...
...
...
Maxou333
Highly Voted 12 months ago
As per the doc https://learn.microsoft.com/en-us/azure/firewall/forced-tunneling, you can stop the firewall and enable/disable force tunneling withour redeploying a new one, so answer 1 should be "is disabled but can be enabled"
upvoted 9 times
Feliphus
4 months, 3 weeks ago
Sorry, but I desagree with you, I explain, if you look the subnet name on the picture it says: AzureFirewallSubnet and if you look just in your indicated link, it says: AzureFirewallManagementSubnet. They are similar names but not the same, completly tricky, yes it is, one is the management subnet and another is the firewall subned. The fact the firewall management NIC never was activated, those fields are blank on the picture, that the reason the answer is: cannot be enabled This explication is not mine, this question is repeated and another student said it. About the second question noone has any doubt: the firewall is being managed
upvoted 1 times
bobothewiseman
2 months, 3 weeks ago
You are wrong!
upvoted 1 times
...
...
...
ninz44
Most Recent 1 month, 1 week ago
i'm confused how any of you can tell if forced tunneling is enabled or not by simply looking at this picture. I would think you need to check the firewall policy settings or UDR's
upvoted 1 times
...
Sergovladi
2 months, 2 weeks ago
You do not have to delete and re-create a FW for forced tunnelling. It is disabled here but "Can Be Enabled". To enable forced tunnelling on the FW you need to enable Management NIC - that is to configure Management Subnet which is "Disabled but can be enabled" https://learn.microsoft.com/en-us/azure/firewall/management-nic Do not be confused with the line at the top of the exhibit showing "...Firewall Manager". It means nothing more than that the policies management
upvoted 1 times
Sergovladi
2 months, 2 weeks ago
https://learn.microsoft.com/en-us/azure/firewall/forced-tunneling
upvoted 1 times
...
...
manhattan
5 months, 2 weeks ago
If you have a pre-existing firewall, you must stop/start the firewall in forced tunneling mode to support this configuration. Stopping/starting the firewall can be used to configure forced tunneling the firewall without the need to redeploy a new one https://learn.microsoft.com/en-us/azure/firewall/forced-tunneling
upvoted 3 times
...
VICEROY
7 months ago
Forced Tunneling indicators: Management subnet / Management public IP should have details Notes: You cannot enable forced tunneling after deployment https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#:~:text=Forced%20tunneling%20is%20supported%20when%20you%20create%20a%20new%20firewall.%20You%20can%27t%20configure%20an%20existing%20firewall%20for%20forced%20tunneling Azure Firewall Management Indicators: Private IP Ranges: Managed by Firewall Policy
upvoted 1 times
...
AlainChk
8 months, 3 weeks ago
It is a question where both answers are ok: - Can be enabled (but requires a downtime). - Cannot be enabled (without a downtime). What MS considers as a good answer.
upvoted 1 times
...
GBAU
1 year, 5 months ago
FW has No Management Subnet or Management public IP assigned/defined/created. -Forced Tunneling requires Management Subnet & Management public IP and it can only be created when the FW is created, so "cannot be enabled". -Azure Firewall Management is clearly disabled (as the Management SN & IP are not there), but you can add this later so "is disabled but can be enabled".
upvoted 2 times
...
ironbornson
1 year, 6 months ago
"To support this configuration, you must create Azure Firewall with Forced Tunnel configuration enabled. This is a mandatory requirement to avoid service disruption. If this is a pre-existing firewall, you must recreate the firewall in Forced Tunnel mode to support this configuration." https://learn.microsoft.com/en-us/azure/firewall/forced-tunneling Repeated question, it's wrong
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago