AZ-801 Question #1: Real Exam Question with Answer & Explanation

Question

You are remediating the firewall security risks to meet the security requirements. What should you configure to reduce the risks?

Options

• Aa Group Policy Object (GPO)
• Badaptive network hardening in Microsoft Defender for Cloud
• Ca network security group (NSG) in Sub1
• Dan Azure Firewall policy

Explanation

To remediate firewall security risks, a Group Policy Object (GPO) can be configured to manage firewall rules across multiple Windows-based machines, ensuring consistent security policies.

Common mistakes.

• B. Adaptive network hardening in Microsoft Defender for Cloud recommends NSG rules based on actual traffic patterns, which is reactive and typically applies to Azure VMs, not direct remediation for existing firewall risks on potentially on-premises systems.
• C. A network security group (NSG) is used to filter network traffic to and from Azure resources within an Azure Virtual Network, and it is not directly applicable to managing firewall risks on potentially on-premises server or workstation firewalls.
• D. An Azure Firewall policy manages the rules for an Azure Firewall, which is a network security service in Azure, and not a tool for remediating risks on individual server or workstation firewalls directly unless they are protected by Azure Firewall.

Concept tested. Centralized Windows Firewall management with GPO

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/configure-windows-firewall-with-advanced-security-properties

No community discussion yet for this question.