ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 4 question 26 discussion

Actual exam question from Microsoft's AZ-700
Question #: 26
Topic #: 4
[All AZ-700 Questions]

SIMULATION
-




Username and password
-

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: xxxxxxxxxx
-

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 12345678
-

You need to create an Azure Firewall instance named FW1 that meets the following requirements:

• Has an IP address from the address range of 10.1.255.0/24
• Uses a new Premium firewall policy named FW-policy1
• Routes traffic directly to the internet

To complete this task, sign in to the Azure portal.

Show Suggested Answer Hide Answer
Suggested Answer:
by tzatziki at Feb. 7, 2023, 11:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
wooyourdaddy
Highly Voted 1 year, 7 months ago
I believe the requirement: • Routes traffic directly to the internet Is supposed to indicate that the FW should not use Forced Tunneling. When you configure a new Azure Firewall, you can route all Internet-bound traffic to a designated next hop instead of going directly to the Internet. For example, you may have a default route advertised via BGP or using User Defined Route (UDR) to force traffic to an on-premises edge firewall or other network virtual appliance (NVA) to process network traffic before it's passed to the Internet. Source: https://learn.microsoft.com/en-us/azure/firewall/forced-tunneling
upvoted 10 times
JohnnyChimpo
1 year, 5 months ago
Does that mean that no further configuration is needed since all traffic will be router to the Internet by default?
upvoted 1 times
...
...
Lazylinux
Highly Voted 1 year ago
* Create Firewall and ensure no Forced Tunneling enabled * Create Route table and ensure 0.0.0.0/0 as Destination IP addresses/CIDR ranges and the NVA is the firewall Private IP (get it from overview page) * Associate the Route table with subnet in which the FW will direct the traffic to internet on behalf of That is all required
upvoted 6 times
...
Efi20005
Most Recent 2 months, 1 week ago
create the firewall as the above answer given , use address space 10.1.0.0/16. so that this will match with the ip address 10.1.255.0/24.The question says connect direct to internet create a public IP address will give access to internet .0.0.0.0/0 your subnet to NVA
upvoted 1 times
...
Sergovladi
3 months ago
You need to select Premium Policy SKU for FW, create a default route table for 0.0.0.0/0 with next hop to FW (virtual appliance), and create a network rule in FW to allow outbound traffic to the Internet
upvoted 2 times
...
manhattan
3 months, 3 weeks ago
Selected Answer: A
Anyone knows if these labs are really in the exam? I see a lot of them but no one has never texted to have found it.
upvoted 1 times
...
cerifyme85
7 months, 2 weeks ago
U don't need a UDR, question is just asking about firewall routing. Firewall would just use its PIP to communicate directly, using Azure internet service
upvoted 1 times
...
Aziza_Adam
1 year, 8 months ago
1- create FW with policy (also create vnet using /16 and choose the provided range for the subnet. 2- Create Route table 3- Add routing rule that route 0.0.0.0/0 to NVA then give the private IP address of your firewall
upvoted 4 times
MrBlueSky
1 year, 6 months ago
NVA =/= Azure Firewall NVAs are frequently Firewalls that are hosted on Azure VMs. This is not the same thing as the actual product called 'Azure Firewall'
upvoted 1 times
...
ABIYGK
1 year, 4 months ago
Route table needs to be assocaited. Defing a routing table will not do anything. This means routeable could ony be assocaiated to a Subnet not a Firewall.
upvoted 1 times
...
...
tzatziki
1 year, 8 months ago
*Routes traffic directly to the internet So, in order to achive this: I made a route pointing to my firewall IP (0.0.0.0/0 -> Virtual Appliance + IP) and an application rule allowing http / https in the firewall. ... Network rule made no difference as concerned my vm reaching its internet bound traffic. Used this for reference: https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal-policy
upvoted 5 times
Discussions22
12 months ago
and what is the destination in app rule? and source 0.0.0.0/0 is not supported also
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago