Reducing Administrative Effort with Azure Reserved Virtual Machines

Using Azure Reserved Virtual Machines (VM) Instances


Question

You have an Azure environment that contains 10 virtual networks and 100 virtual machines.

You need to limit the amount of inbound traffic to all the Azure virtual networks.

What should you create?

Answers


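A. one application security group (ASG)
B. 10 virtual network gateways
C. 10 Azure ExpressRoute circuits
D. one Azure firewall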

D

You can restrict traffic to multiple virtual networks with a single Azure Firewall.

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network.

https://docs.microsoft.com/en-us/azure/firewall/overview

The best answer for this scenario is D, one Azure firewall.

Azure Firewall is a managed network security service that helps protect your Azure virtual network resources. With Azure Firewall, you can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.

In this scenario, using one Azure firewall to limit the amount of inbound traffic to all the Azure virtual networks is the most efficient and cost-effective option. By using one Azure firewall, you can create and enforce traffic policies for all the virtual networks simultaneously. This eliminates the need to configure traffic policies separately for each virtual network, which can be time-consuming and prone to errors.

Option A, one application security group (ASG), is not the best answer because an ASG is used to group virtual machines that have the same security requirements. It doesn't help limit the amount of inbound traffic to virtual networks.

Option B, 10 virtual network gateways, is not the best answer because a virtual network gateway is used to establish a secure connection between your on-premises network and your Azure virtual network. It doesn't help limit the amount of inbound traffic to virtual networks.

Option C, 10 Azure ExpressRoute circuits, is not the best answer because Azure ExpressRoute is a service that enables you to create private connections between Azure datacenters and infrastructure that's on your premises or in a colocation environment. It doesn't help limit the amount of inbound traffic to virtual networks.

Therefore, the best answer for this scenario is D, one Azure firewall.