You have an Azure environment that contains 10 virtual networks and 100 virtual machines.
You need to limit the amount of inbound traffic to all the Azure virtual networks.
What should you create?
Correct answer: D
You can restrict traffic to multiple virtual networks with a single Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources, which allows outside firewalls to identify traffic originating from your virtual network.
https://docs.microsoft.com/en-us/azure/firewall/overview
The correct answer for this question is D. One Azure firewall.
Explanation:
An Azure firewall is a cloud-based network security service that allows you to control network traffic and protect your virtual networks from unwanted traffic. It provides inbound protection for non-HTTP/S protocols and outbound protection for all protocols. With Azure Firewall, you can create, enforce, and log application and network connectivity policies across multiple subscriptions and virtual networks.
In this scenario, there are 10 virtual networks that need to be protected, and the requirement is to limit the amount of inbound traffic to all the Azure virtual networks. Creating 10 virtual network gateways or 10 Azure ExpressRoute circuits would provide connectivity between the virtual networks and other networks or services, but they would not limit the amount of inbound traffic.
Creating one application security group (ASG) would not be sufficient to limit the amount of inbound traffic to all the Azure virtual networks. An ASG is a logical container for grouping virtual machines that have similar function, security, and connectivity requirements. It allows you to apply network security policies to a group of virtual machines instead of to individual virtual machines.
Therefore, the best option to limit the amount of inbound traffic to all the Azure virtual networks would be to create one Azure firewall. With Azure firewall, you can create and enforce inbound network rules to allow or deny traffic based on source IP address, destination IP address, port, and protocol. Additionally, you can create network security groups (NSGs) to allow or deny traffic between subnets within a virtual network.
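As an added illustration of the hub firewall described above (this is example code written for this page, not Microsoft's own template or anything from the original answer), the following Bicep deploys one Azure Firewall in a hub virtual network with a single classic network rule collection that allows RDP and SSH only from one management range and, because Azure Firewall denies everything it is not explicitly allowed, blocks all other traffic that is routed through it. The virtual network name, firewall name, address ranges and the management source prefix are assumptions chosen for the example.

```bicep
// Added example (not from the original page): a minimal Azure Firewall in a hub
// virtual network with one classic network rule collection. Names, address
// ranges and the hub/spoke layout are assumptions made for illustration.
param location string = resourceGroup().location
param hubVnetName string = 'vnet-hub'             // assumed name
param firewallName string = 'afw-hub'             // assumed name
param allowedMgmtSource string = '203.0.113.0/24' // constructed sample range (TEST-NET-3)

// Azure Firewall must be deployed into a subnet literally named AzureFirewallSubnet.
resource hubVnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: hubVnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      { name: 'AzureFirewallSubnet', properties: { addressPrefix: '10.0.1.0/26' } }
    ]
  }
}

// Static Standard-SKU public IP: outside firewalls see one fixed address for the hub.
resource fwPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'pip-${firewallName}'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

resource firewall 'Microsoft.Network/azureFirewalls@2023-05-01' = {
  name: firewallName
  location: location
  properties: {
    sku: { name: 'AZFW_VNet', tier: 'Standard' }
    ipConfigurations: [
      {
        name: 'fw-ipconfig'
        properties: {
          subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', hubVnet.name, 'AzureFirewallSubnet') }
          publicIPAddress: { id: fwPip.id }
        }
      }
    ]
    // Network rules match on source, destination, port and protocol.
    // Anything that matches no Allow rule is dropped by the implicit deny.
    networkRuleCollections: [
      {
        name: 'allow-mgmt-inbound'
        properties: {
          priority: 100
          action: { type: 'Allow' }
          rules: [
            {
              name: 'rdp-ssh-from-mgmt'
              protocols: [ 'TCP' ]
              sourceAddresses: [ allowedMgmtSource ]
              destinationAddresses: [ '10.0.0.0/8' ] // assumed: covers all spoke VNet ranges
              destinationPorts: [ '22', '3389' ]
            }
          ]
        }
      }
    ]
  }
}

// Spoke route tables point 0.0.0.0/0 at this address so their traffic crosses the firewall.
output firewallPrivateIp string = firewall.properties.ipConfigurations[0].properties.privateIPAddress
```

To cover the other nine virtual networks, each spoke is peered to the hub and given a route table whose default route has next hop type VirtualAppliance and the firewallPrivateIp output as its address; without that route the firewall never sees the spoke's traffic, and the rule collection has nothing to enforce. Traffic that originates on the Internet and must reach a specific virtual machine's private address is handled by a DNAT rule collection on the firewall's public IP rather than by the network rules shown here.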
The correct answer to the question is C. Azure Marketplace.
Azure Marketplace is an online store for buying and selling cloud solutions certified to run on Azure. It offers a vast range of third-party virtual appliances that can be deployed to Azure subscriptions, including security appliances such as firewalls, intrusion detection and prevention systems, and other security solutions.
Using Azure Marketplace, you can easily browse, purchase, and deploy the virtual security appliance of your choice to your Azure subscription. The Marketplace provides a wide range of solutions from different vendors with different licensing models and pricing options. It also offers a free trial option for many solutions, allowing you to test the appliance before purchasing.
Azure Security Center, on the other hand, is a cloud-based security management solution that helps you prevent, detect, and respond to threats across your Azure environment. While it provides security recommendations and alerts, it is not a marketplace for purchasing third-party virtual appliances.
Azure subscriptions and Microsoft Store are also not relevant to this question, as they do not provide third-party virtual security appliances.
In summary, to purchase a third-party virtual security appliance for deployment to an Azure subscription, you should use Azure Marketplace.