Configuring Azure Firewall for Accessing VM1 over HTTP

Configuring Azure Firewall

Prev Question Next Question

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your Azure environment contains multiple Azure virtual machines.

You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.

Solution: You modify an Azure firewall.

Does this meet the goal?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B.

A

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

In this question, we need to add a rule to Azure Firewall to allow the connection to the virtual machine on port 80 (HTTP).

https://docs.microsoft.com/en-us/azure/firewall/overview

The solution provided in the question is not sufficient to meet the goal of making VM1 accessible from the Internet over HTTP.

Modifying an Azure firewall is not the correct solution because an Azure firewall is designed to control traffic to and from Azure resources, not to make them accessible from the Internet.

To make VM1 accessible from the Internet over HTTP, you need to perform the following steps:

  1. Assign a public IP address to the virtual machine.
  2. Configure the Network Security Group (NSG) associated with the virtual machine to allow inbound traffic on port 80 (HTTP).
  3. Configure the virtual machine's operating system to listen on port 80 for incoming HTTP traffic.

Once these steps are completed, VM1 will be accessible from the Internet over HTTP.

Therefore, the correct answer is B. No.

The correct answer is B. an Azure policy.

An Azure policy is a service in Azure that allows you to create, assign, and manage policies that enforce rules and effects over your resources. You can use Azure policies to enforce compliance with your corporate standards and best practices for security, operations, and compliance.

To ensure that administrators can only create resources in specific regions, you can create an Azure policy that restricts resource creation to those specific regions. You can also assign this policy to the relevant scope, such as the subscription or resource group. Once assigned, Azure will evaluate the policy and prevent administrators from creating resources in regions that are not allowed by the policy.

Here are some additional details on the other options:

A. A read-only lock is a feature in Azure that prevents all users, including administrators, from deleting or modifying a resource. This would not help to restrict resource creation to specific regions.

C. A management group is a way to manage access, policy, and compliance across multiple subscriptions. While management groups can help you manage access to resources, they do not provide the ability to restrict resource creation to specific regions.

D. A reservation is a way to prepay for a specific Azure resource, such as a virtual machine or database, to receive a discount. This would not help to restrict resource creation to specific regions.