Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage VNet1, which has two subnets: Workload (10.0.1.0/24) and AzureFirewallSubnet (10.0.2.0/24). Azure Firewall (private IP 10.0.2.4) runs in AzureFirewallSubnet. All outbound traffic from Workload VMs must pass through the firewall, but traffic to Azure services that use service endpoints must remain unaffected. With minimal change and no downtime, what should you configure on the Workload subnet?

  • Enable forced tunneling on an Azure VPN or ExpressRoute virtual network gateway and configure 10.0.2.4 as the default route for the gateway.

  • Create a route table that contains a route for 0.0.0.0/0 with next hop type Virtual appliance set to 10.0.2.4, and associate the table with the Workload subnet.

  • Add an outbound deny rule for destination 0.0.0.0/0 to the network security group attached to the Workload subnet, then add service-endpoint rules for required services.

  • Create a route table that contains a route for 0.0.0.0/0 with next hop type Internet and associate the table with both subnets.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot