
AZ-700 Question #21: Real Exam Question with Answer & Explanation

The correct answer is B: In a firewall policy, create an application rule.

Submitted by marco_it · Apr 18, 2026 · Design and implement Azure network security services

Question

You have an Azure virtual network that contains the subnets shown in the following table. You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall. You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com. What should you do?

Options

  • A. Create a network security group (NSG) and associate the NSG to Subnet2.
  • B. In a firewall policy, create an application rule.
  • C. In a firewall policy, create a DNAT rule.
  • D. In a firewall policy, create a network rule.

Explanation

Azure Firewall application rules are designed for outbound HTTP/HTTPS filtering and natively support FQDN wildcards such as *.contoso.com. This makes them the correct tool for allowing access to a wildcard HTTPS destination. Network rules (D) operate at the IP address and port level and cannot match FQDNs. DNAT rules (C) handle inbound destination NAT, not outbound access control. An NSG (A) can filter by IP/port but has no FQDN awareness.
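
The application rule from answer B, written as a Bicep fragment; this is an added example, not part of the original page. The policy name, group and rule names, priorities and the Subnet2 address range are placeholders, because the page does not give them.

```bicep
// Existing firewall policy attached to the Azure Firewall (name is a placeholder).
resource policy 'Microsoft.Network/firewallPolicies@2023-04-01' existing = {
  name: 'fw-policy-placeholder'
}

// Rule collection group holding one Allow collection with one application rule.
resource appRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-04-01' = {
  parent: policy
  name: 'rcg-outbound-web' // placeholder
  properties: {
    priority: 300 // placeholder
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-contoso' // placeholder
        priority: 100 // placeholder
        action: {
          type: 'Allow'
        }
        rules: [
          {
            // ApplicationRule matches on FQDN; a NetworkRule in the same
            // collection type would take destination addresses and ports instead.
            ruleType: 'ApplicationRule'
            name: 'subnet2-to-contoso-https' // placeholder
            sourceAddresses: [
              '10.0.2.0/24' // assumed Subnet2 range; the page's table is not available
            ]
            protocols: [
              {
                protocolType: 'Https'
                port: 443
              }
            ]
            targetFqdns: [
              '*.contoso.com'
            ]
          }
        ]
      }
    ]
  }
}
```

The wildcard entry covers hosts under contoso.com but not the apex contoso.com itself; if the apex is needed, it has to be listed as a second target FQDN.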

Topics

#Azure Firewall #Firewall Policy #Application Rules #FQDN filtering
