exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 4 question 11 discussion

Actual exam question from Microsoft's AZ-305
Question #: 11
Topic #: 4
[All AZ-305 Questions]

You have the Azure resources shown in the following table.

You need to deploy a new Azure Firewall policy that will contain mandatory rules for all Azure Firewall deployments. The new policy will be configured as a parent policy for the existing policies.
What is the minimum number of additional Azure Firewall policies you should create?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Greysi
Highly Voted 2 years, 11 months ago
Selected Answer: D
Parent policy must be in the same region as child policy! You get this information when creating a Firewall Policy. Parent Policy drop down list only shows policies in the same region. Existing Firewall Policies are located in different regions. To link them to a new parent policy, each region must have a new parent policy => 3 new policies.
upvoted 58 times
SilverFox22
2 years, 11 months ago
It states in the question "The new policy will be configured as a parent policy for the existing policies." So then just 1 policy, that will be inherited by the existing child policies.
upvoted 3 times
FrancisFerreira
2 years, 8 months ago
"Parent policy must be in the same region as child policy. Firewall policy can be associated with Firewalls across regions regardless of where they are stored." That's from Azure Portal, showed for the field "Parent Policy" when creating a new policy or editing an existing one. We can't associate existing child policies to the new parent policy if their are not in the same region. Since our existing child policies are in 3 different regions, we would need 3 different parent policies.
upvoted 9 times
LillyLiver
2 years, 4 months ago
Confirmed. Parent policy must be in the same region according to my work tenant.
upvoted 1 times
...
sapien45
2 years, 5 months ago
You are the GOAT
upvoted 1 times
...
...
One111
2 years, 3 months ago
You will get 3 objects which you will need to maintain separately.
upvoted 3 times
...
...
blacknurse
2 years, 11 months ago
I am in agreement with your answer. If you look at https://blog.cloud63.fr/azure-firewall/ then your premise is correct.
upvoted 3 times
...
Som_triv
1 year, 2 months ago
Answer seems to be D, bcoz of a known issue. Azure Firewall Policies can be used across regions. For example, you can create a policy in West US, and use it in East US. But below is listed as known issue : Base policies must be in same region as local policy. https://learn.microsoft.com/en-us/azure/firewall-manager/overview#region-availability
upvoted 1 times
...
...
Redimido
Highly Voted 2 years, 9 months ago
Selected Answer: D
Tested in Portal. 1. Created 1 named "Parent" policy in West Europe Created 1 named "Child" policy - in West US - unable to set "Parent" as parent policy. Changed region to West Europe, could directly chose "Parent" as parent. 2. Created second policy named "Parent2" in West US. Went to the "Child" policy, still located in West Europe. Tried to choose Parent policy from the menu. The only parent that showed up was "Parent" also located in West Europe. Conclusion: You can't set a Parent Policy from different region to a child in a given region. Therefore we need 3 different region policies to be set as parents if we do not change the child's regions.
upvoted 31 times
codingdown
2 years, 4 months ago
Parent policy must be in the same region as child policy but firewall policy can be associated with firewalls across regions.
upvoted 4 times
...
...
robinhoHH
Most Recent 6 days, 7 hours ago
Selected Answer: B
ou can create one global parent Azure Firewall policy that applies mandatory rules across all existing Azure Firewall policies (child policies
upvoted 1 times
...
Thanveer
6 days, 22 hours ago
Selected Answer: D
The parent policy and the child policy must be in the same region.
upvoted 1 times
...
quincy273
3 weeks ago
Selected Answer: C
Am I the only one that wants to go for C. 2? You create one policy as stated in the text. What is the minimum number of ADDITIONAL (adding onto the one that you already created) policies you need to create?
upvoted 1 times
...
SeMo0o0o0o
3 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
...
Paputzback
1 month ago
Crappy wording. Create is not deploy. 1 parent policy needs to be created. 1 parent policy needs to be deployed 3 times. But I'll go with D since I have learned to not read into the question what does not already exist. No assumptions can be made that someone is using automation to deploy a single policy 3 times..
upvoted 1 times
...
3c5adce
1 month, 1 week ago
B. 1 - You don't need to create three new policies. The existing policies are already in place for each region. The question only asks for a parent policy that manages rules across all regions, so you need to create just one parent policy
upvoted 1 times
...
e1aa8c5
3 months, 4 weeks ago
I'm so glad this wasn't a question that required mapping actually policy and firewalls and regions - considering the regions are all named differently to the regions they are in
upvoted 1 times
...
profesorklaus
6 months, 2 weeks ago
Tested in a LAB. Answer is correct. Root policy must be in the same region as a child policy.
upvoted 1 times
...
BShelat
12 months ago
Should not the answer be "0" ? If we update existing firewall policies with global configurations in all three regions then there may not be any need to have parent policy in any region.
upvoted 1 times
...
Ale1973
1 year, 3 months ago
Selected Answer: B
Sorry but there isn't a strict requirement for the parent policy to be in the same region as the child policies. The parent policy and child policies can be associated with Azure Firewall instances in different regions. This is one of the benefits of Azure Firewall Manager—it allows you to manage firewall policies across regions from a centralized location.
upvoted 1 times
rishisoft1
8 months, 1 week ago
Hierarchical policies New policies can be created from scratch or inherited from existing policies. Inheritance allows DevOps to create local firewall policies on top of organization mandated base policy. Policies created with non-empty parent policies inherit all rule collections from the parent policy. The parent policy and the child policy must be in the same region. A firewall policy can be associated with firewalls across regions regardless where they're stored. https://learn.microsoft.com/en-us/azure/firewall-manager/policy-overview
upvoted 1 times
...
...
Trillionairejeffe
1 year, 5 months ago
Hierarchical policies New policies can be created from scratch or inherited from existing policies. Inheritance allows DevOps to create local firewall policies on top of organization mandated base policy. Policies created with non-empty parent policies inherit all rule collections from the parent policy. The parent policy and the child policy must be in the same region. A firewall policy can be associated with firewalls across regions regardless where they are stored: https://learn.microsoft.com/en-us/azure/firewall-manager/policy-overview#hierarchical-policies
upvoted 2 times
Trillionairejeffe
1 year, 5 months ago
Answer is : B
upvoted 2 times
...
...
bd1234
1 year, 8 months ago
B: Firewall Policy is the recommended method to configure your Azure Firewall. It's a global resource that can be used across multiple Azure Firewall instances in Secured Virtual Hubs and Hub Virtual Networks. Policies work across regions and subscriptions.
upvoted 1 times
...
bd1234
1 year, 9 months ago
Should be B. As the global parent policy, all else Hierarchical policies should call local policies, different than we call child of global.
upvoted 1 times
...
Anzus
1 year, 10 months ago
Selected Answer: B
The question states: You need to deploy a new Azure Firewall policy that will contain mandatory rules for all Azure Firewall deployments. The new policy will be configured as a parent policy for the existing policies. It also states that the policies are already created. If you need one for all of them, you only need to create 1, the "Firewall Policy" that is a global resource. Since this works as hub and spoke, you only need one to centrally manage the 3 policies that exist already.
upvoted 4 times
AzureMasterChamp
1 year, 8 months ago
It seems you are right! https://learn.microsoft.com/en-us/azure/firewall-manager/rule-hierarchy
upvoted 1 times
...
...
VBK8579
1 year, 10 months ago
Selected Answer: D
o have the existing policies linked to a new parent policy, each region must have a separate parent policy. Therefore, a minimum of 3 additional Azure Firewall policies would need to be created. The answer is D.
upvoted 2 times
VBK8579
1 year, 10 months ago
To have the existing policies linked to a new parent policy, each region must have a separate parent policy. Therefore, a minimum of 3 additional Azure Firewall policies would need to be created. The answer is D.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...