AZ-800 - Microsoft Azure Networking Solutions Azure Firewall Policies Questions and Answers

Question 1

An organization wants to enforce a mandatory set of corporate security rules on all Azure Firewalls while allowing individual application teams to add their own specific rules.
The corporate rules must always be processed before the application-specific rules.
Which Azure Firewall Policy configuration should be used?

Accepted Answer

Create a parent Firewall Policy for corporate rules and child policies for each application team that inherit from the parent.

Answer

Create a single, global Firewall Policy and grant all teams contributor access.

Answer

Use classic firewall rules on each firewall and use Azure Policy to audit for compliance.

Answer

Create separate, independent Firewall Policies for corporate rules and for each application team.

Question 2

Which of the following Azure Firewall Policy features requires the Premium SKU to be enabled?

Accepted Answer

TLS Inspection

Answer

DNS Proxy

Answer

Threat intelligence-based filtering

Answer

FQDN filtering in Network Rules

Question 3

A network administrator is creating a new Azure Firewall Policy. Rules are organized within Rule Collections, which are in turn grouped into what higher-level container that is processed based on a priority value from 100 to 65,000?

Accepted Answer

Rule Collection Groups

Answer

Rule Sets

Answer

Action Groups

Answer

Security Groups

Question 4

An administrator needs to migrate an existing Azure Firewall that uses classic rules to a new Azure Firewall Policy without causing downtime. What is the recommended first step in this process?

Accepted Answer

Use the 'Migrate to firewall policy' option on the firewall's overview page to create a new policy from the existing rules.

Answer

Create a blank Firewall Policy and associate it with the firewall, which automatically imports the rules.

Answer

Delete all classic rules from the firewall before creating the new policy.

Answer

Manually document all classic rules and recreate them one by one in a new Firewall Policy.

Question 5

A parent Firewall Policy contains a Network Rule Collection Group with a priority of 300. A child policy inheriting from it contains a Network Rule Collection Group with a priority of 150. How will Azure Firewall process these rule collection groups?

Accepted Answer

The parent policy's group will be processed first because parent rules always have precedence.

Answer

An error will occur because the priorities of the inherited and local groups conflict.

Answer

The processing order is non-deterministic and can vary.

Answer

The child policy's group will be processed first because it has a lower (higher priority) number.

Question 6

An organization wants to use a single Azure Firewall Policy to manage the security rules for multiple Azure Firewall instances deployed across several different Azure regions. Which statement is true regarding this scenario?

Accepted Answer

A single Firewall Policy can be associated with multiple firewalls across different regions and subscriptions.

Answer

A Firewall Policy can only be associated with firewalls within the same region.

Answer

Each Azure Firewall requires a unique and dedicated Firewall Policy.

Answer

Firewall Policies can only be associated with firewalls deployed within an Azure Virtual WAN hub.