Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage two Azure Firewall instances named FW-EUS and FW-WEU that are deployed in separate subscriptions. Both firewalls must enforce a common set of deny rules; however, each regional team needs to add its own additional rules that can override or extend the common set without editing the shared rules directly. You want the solution to be centrally managed and to require the least administrative effort going forward.

Which approach should you implement?

  • Create an IP Groups resource for shared addresses and reference it in separate firewall rule collections configured individually on each firewall.

  • Attach the same standalone Azure Firewall Policy that contains both common and regional rules directly to both firewalls and update it whenever a region needs changes.

  • Create a single Azure Firewall Policy that contains the common rules, then create a child Firewall Policy for each region and associate each child policy with its respective firewall.

  • Use Azure Policy to deploy identical Network Security Groups (NSGs) with deny rules to the subnets that host the firewalls, and let each region modify the NSGs as required.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking