
AZ-700 Question #337: Real Exam Question with Answer & Explanation

The correct answer is C: an Azure key vault. TLS inspection (also called SSL inspection) in Azure Firewall requires the firewall to decrypt, inspect, and re-encrypt outbound HTTPS traffic using an intermediate CA certificate. Two resources are required: (C) an Azure Key Vault to securely store the CA certificate and private

Submitted by akirajp · Apr 18, 2026

Question

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an Azure Virtual Desktop host pool named Pool1. You need to implement Azure Firewall and TLS inspection for all the outbound traffic from Pool1. Which two resources should you configure? Each correct answer presents part of the solution. NOTE: Each correct answer is worth one point.

Options

  • A. an Azure Private DNS zone
  • B. a private endpoint
  • C. an Azure key vault
  • D. an Azure NAT gateway
  • E. a Microsoft Entra enterprise app
  • F. a managed identity

Explanation

TLS inspection (also called SSL inspection) in Azure Firewall requires the firewall to decrypt, inspect, and re-encrypt outbound HTTPS traffic using an intermediate CA certificate. Two resources are required: (C) an Azure Key Vault to securely store the CA certificate and private key that Azure Firewall uses for TLS termination, and (F) a managed identity to grant Azure Firewall the permissions needed to access the certificate in Key Vault without storing credentials. Without both, Azure Firewall cannot retrieve the certificate to perform TLS inspection.
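
An added example, not part of the original page: a Python check that a firewall policy definition carries both resources the explanation names, a Key Vault reference for the CA certificate and a managed identity. It assumes the ARM resource shape of `Microsoft.Network/firewallPolicies` and public-cloud Key Vault hostnames; the function name and all sample names and IDs are constructed.

```python
from urllib.parse import urlparse

def tls_inspection_gaps(policy: dict) -> list:
    """List what a firewall policy definition lacks for TLS inspection."""
    gaps = []
    props = policy.get("properties") or {}
    # TLS inspection is an Azure Firewall Premium feature.
    if (props.get("sku") or {}).get("tier") != "Premium":
        gaps.append("policy SKU tier is not Premium")
    # (C) The intermediate CA certificate is referenced from Key Vault.
    ca = (props.get("transportSecurity") or {}).get("certificateAuthority") or {}
    secret_id = ca.get("keyVaultSecretId", "")
    url = urlparse(secret_id)
    if not secret_id:
        gaps.append("no Key Vault reference for the CA certificate")
    elif (url.scheme != "https"
          or not (url.hostname or "").endswith(".vault.azure.net")  # assumption: public cloud
          or not url.path.startswith("/secrets/")):
        gaps.append("keyVaultSecretId is not a Key Vault secret URL")
    # (F) A managed identity lets the firewall read that certificate.
    identity = policy.get("identity") or {}
    if ("UserAssigned" not in identity.get("type", "")
            or not identity.get("userAssignedIdentities")):
        gaps.append("no user-assigned managed identity attached")
    return gaps

# Constructed sample definitions (IDs and names are placeholders).
IDENTITY_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
    "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-fw-example"
)
COMPLETE_POLICY = {
    "type": "Microsoft.Network/firewallPolicies",
    "identity": {"type": "UserAssigned", "userAssignedIdentities": {IDENTITY_ID: {}}},
    "properties": {
        "sku": {"tier": "Premium"},
        "transportSecurity": {"certificateAuthority": {
            "name": "example-ca",
            "keyVaultSecretId": "https://kv-example.vault.azure.net/secrets/example-ca",
        }},
    },
}
INCOMPLETE_POLICY = {
    "type": "Microsoft.Network/firewallPolicies",
    "properties": {"sku": {"tier": "Premium"}},
}

if __name__ == "__main__":
    for name, policy in (("complete", COMPLETE_POLICY), ("incomplete", INCOMPLETE_POLICY)):
        print(name, tls_inspection_gaps(policy) or "ready for TLS inspection")
```
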
