AZ-500 · Question #474
AZ-500 Question #474: Real Exam Question with Answer & Explanation
This question tests knowledge of Azure Firewall deployment requirements, specifically which resource group and subnet configurations are valid for deploying an Azure Firewall instance.
Question
Hotspot Question You have an Azure subscription that contains the resources shown in the following table. VNet1 contains the subnets shown in the following table. You plan to use the Azure portal to deploy an Azure firewall named AzFW1 to VNet1. Which resource group and subnet can you use to deploy AzFW1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer:
Options
- __typehotspot
- variantdropdown
Explanation
This question tests knowledge of Azure Firewall deployment requirements, specifically which resource group and subnet configurations are valid for deploying an Azure Firewall instance.
Approach. Azure Firewall can be deployed to any resource group, including one that already contains other resources - the resource group does not need to be empty or in a specific state, so any resource group in the subscription is valid. However, the subnet has a strict requirement: it MUST be named exactly 'AzureFirewallSubnet' and must be at least /26 in size (a /26 or larger CIDR block, meaning /26, /25, /24, etc.). Any subnet in VNet1 that is named 'AzureFirewallSubnet' with a size of /26 or larger is the correct subnet choice. Subnets with other names (e.g., 'Subnet1', 'default') cannot be used regardless of their size.
Concept tested. Azure Firewall deployment prerequisites: the subnet must be named exactly 'AzureFirewallSubnet' and be at least /26 in size; any resource group can host the firewall.
Reference. https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
Topics
Community Discussion
No community discussion yet for this question.