Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You have two Azure virtual networks named VNetA and VNetB that are connected by virtual network peering. An Azure Firewall with a private IP address of 10.0.0.4 is deployed in a dedicated subnet in VNetA. You must ensure that virtual machines in the subnet named AppSubnet in VNetB route all outbound internet traffic through the firewall. What should you configure on AppSubnet?
Add all virtual machines in AppSubnet to an application security group and permit traffic only from the AzureFirewall service tag.
Create a user-defined route with an address prefix of 0.0.0.0/0, next hop type set to Virtual appliance, and next hop IP address 10.0.0.4.
Create and associate a network security group on AppSubnet that denies outbound traffic to the Internet service tag.
Enable the Use remote gateway option on the VNet peering connection between VNetA and VNetB.
To send all outbound traffic from AppSubnet through the Azure Firewall, create a user-defined route with an address prefix of 0.0.0.0/0, a next hop type of Virtual appliance, and a next hop IP address of 10.0.0.4. This forces every packet that does not match a more specific route to be forwarded to the firewall. The other options do not achieve this: denying the Internet service tag with a network security group would block traffic instead of inspecting it, the remote gateway setting applies to VPN gateways rather than peered VNets, and an application security group cannot be used as a routing target.
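The route selection described above, as an added example (not part of the original question): a simplified model of how the effective next hop is chosen for AppSubnet by longest prefix match, with a user-defined route winning a tie against a system route. The VNet address spaces, the route dictionaries and the function names are constructed assumptions; only the 0.0.0.0/0 prefix and the firewall IP 10.0.0.4 come from the question.

```python
import ipaddress

# Constructed address spaces (assumptions; the question gives only 10.0.0.4).
VNET_A = "10.0.0.0/16"  # VNet that hosts the Azure Firewall
VNET_B = "10.1.0.0/16"  # VNet that contains AppSubnet

# When prefixes are equally specific, user-defined routes beat BGP routes,
# which beat system default routes.
SOURCE_PRIORITY = {"User": 0, "BGP": 1, "Default": 2}

# Simplified system routes seen by AppSubnet before any route table is attached.
SYSTEM_ROUTES = [
    {"prefix": VNET_B, "type": "VnetLocal", "ip": None, "source": "Default"},
    {"prefix": VNET_A, "type": "VNetPeering", "ip": None, "source": "Default"},
    {"prefix": "0.0.0.0/0", "type": "Internet", "ip": None, "source": "Default"},
]

# The user-defined route from the correct answer.
UDR_TO_FIREWALL = {
    "prefix": "0.0.0.0/0", "type": "VirtualAppliance",
    "ip": "10.0.0.4", "source": "User",
}


def effective_route(destination, routes):
    """Return the route that wins for one destination IP, or None."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    # Longest prefix first, then route source priority as the tie-break.
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                       SOURCE_PRIORITY[r["source"]]),
    )


def next_hop(destination, routes):
    """Return (next hop type, next hop IP) for a destination IP."""
    route = effective_route(destination, routes)
    return (route["type"], route["ip"]) if route else ("None", None)


if __name__ == "__main__":
    with_udr = SYSTEM_ROUTES + [UDR_TO_FIREWALL]
    for dst in ("203.0.113.10", "10.1.2.5", "10.0.0.4"):
        print(dst, "before:", next_hop(dst, SYSTEM_ROUTES),
              "after:", next_hop(dst, with_udr))
```

The firewall address itself still resolves through the more specific peering route, which is why a next hop IP in VNetA is reachable from AppSubnet in VNetB.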