AZ-700 · Question #328
AZ-700 Question #328: Real Exam Question with Answer & Explanation
The correct answer is C: threat intelligence. Azure Firewall Premium processes rules in the following order: (1) Threat Intelligence (when set to Deny mode), (2) DNAT rules, (3) Network rules, (4) Application rules, (5) implicit infrastructure rules. Threat intelligence-based filtering, which uses Microsoft's threat intel fe
Question
You have an Azure subscription. You plan to deploy Azure Firewall Premium, enable all the Premium features, and configure both network and application rules. Which type of rule will the firewall process first?
Options
- Anetwork
- Bapplication
- Cthreat intelligence
- Dinfrastructure
Explanation
Azure Firewall Premium processes rules in the following order: (1) Threat Intelligence (when set to Deny mode), (2) DNAT rules, (3) Network rules, (4) Application rules, (5) implicit infrastructure rules. Threat intelligence-based filtering, which uses Microsoft's threat intel feed to block known-malicious IPs and FQDNs, is evaluated before any user-defined network or application rules. This ensures that traffic to/from known-bad actors is blocked immediately without even reaching your custom rule sets. Because the question specifies all Premium features are enabled-including threat intelligence in Deny mode-threat intelligence rules fire first.
Community Discussion
No community discussion yet for this question.