Suggested Answer:A🗳️
You can restrict traffic to multiple virtual networks in multiple subscriptions with a single Azure firewall. Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network. References: https://docs.microsoft.com/en-us/azure/firewall/overview
The Azure Firewall service complements network security group functionality. Together, they provide better "defense-in-depth" network security. Network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription. Azure Firewall is a fully stateful, centralized network firewall as-a-service, which provides network- and application-level protection across different subscriptions and virtual networks.
NSG can filter network within subscription and Azure firewall is across different subscription. So Ans is Azure Firewall
Difference between the roles of Azure Firewall, Network Security Group, and DDoS protection:
o Firewall provides centralized protection (filtering inbound and outbound network traffic based on IP, port, protocol, fully qualified domain names (FQDNs), and even URL across the complete Azure infrastructure.
o NSGs filters inbound and outbound network traffic to and from specific resources within Azure Virtual Networks (VNet), typically at the virtual machine (VM) or subnet level. They filter based on source/destination IP, port, and protocol. NSGs are simpler than Azure Firewall and don’t perform the same deep inspection or application-level filtering.
o DDoS provides network-level protection by identifying abnormal traffic patterns and automatically mitigating DDoS attacks in real time. Azure DDoS Protection does not filter specific applications or ports but instead focuses on protecting against volumetric, protocol, and resource-layer attacks.
Azure Firewall is not in the latest AZ-900 scope list. Can someone please confirm this question is not relevant anymore? Or can someone please let us know if they recently had exam test questions with "Azure Firewall" in it?
Made it this far! Super thankful for all the great comments and contributions from people providing their knowledge on different questions! Is there anyone that has bought the "contributor" subscription that can say if it was worth it. Or anyone that has done the test and knows if it is required?
There is no purpose, life is like spawning into a game. Even though there is no purpose, you still finish it and try your best along the way.
Prove me wrong
Azure or AWS universe? Your purpose is based on whether you are IaaS, PaaS or SaaS. Which are you? Some believe we are born as IaaS but evolve into SaaS.
Azure Firewall is an external firewall - outside your Virtual Network
Network Security Group (NSG) is like a internal firewall inside your Virtual Network
right before your resources
Network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription. Azure Firewall is a fully stateful, centralized network firewall as-a-service, which provides network- and application-level protection across different subscriptions and virtual networks.
This section is not available anymore. Please use the main Exam Page.AZ-900 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Min_Thu
Highly Voted 4 years, 1 month agovate01
Highly Voted 4 years, 11 months agosandeep1111
4 years, 1 month agoalex100
4 years, 10 months agoRupom8547
Most Recent 5 months, 2 weeks agob274b54
10 months agomegan_mai
1 year, 2 months agoSUBASH2024
1 year, 2 months agonanny123
1 year, 2 months agoDD_12
1 year, 3 months agoaz900k
1 year, 3 months agoBedraux
1 year, 5 months agoAmi_Saparia
1 year, 7 months agoBATE
1 year, 7 months agoChithritha
1 year, 5 months agoAchab
2 years, 1 month agomilofficial
1 year, 11 months agoSaxman
1 year, 11 months agoAzureCloud07
2 years, 4 months agochuchu98
2 years, 9 months agoAnil7177
3 years, 1 month agoMS_Learner
3 years, 2 months agomufflon
3 years, 4 months agoJC0708
8 months ago