Design and implement Azure network security services Questions
Practice questions for Design and implement Azure network security services topic in Microsoft Certified: Azure Network Engineer Associate. 37 questions covering this domain.
A security architect needs an Azure firewall SKU that provides L3 through L7 filtering and Microsoft threat intelligence feeds. Which SKU should be se...
An administrator removes the NSG rule that originally allowed an active SSH session to a virtual machine. What happens next?
A company hosts an internet-facing web application in Azure and wants protection against volumetric Layer 3 and Layer 4 attacks as well as application...
A team wants NSG rules that refer to application roles such as web servers and app servers instead of explicit IP addresses. Which Azure construct sho...
A central IT group needs to author and apply common Azure Firewall policies across multiple subscriptions and secured virtual hubs. Which service shou...
Which Azure service is designed to protect web applications from common exploits such as SQL injection and cross-site scripting?
Which default inbound network security group rule allows Azure Load Balancer health probes?
A regulated workload requires signature-based intrusion detection and prevention in Azure Firewall. Which SKU should be used?
A web application firewall policy should actively block malicious requests instead of only logging them. Which WAF mode should be configured?
Which Azure Firewall capability decrypts outbound HTTPS, applies IDPS signatures, and re-encrypts traffic?
A regulated environment must use customer-managed keys for the certificate Azure Firewall Premium uses to perform TLS inspection. Where is the interme...
Which Azure construct lets you author rules that apply across many VNets and override NSGs at scale, even when individual VNet owners have different N...
Azure Firewall must SNAT all outbound traffic to specific public IPs to satisfy a SaaS allowlist. How are the firewall's outbound public IPs chosen?
An NSG flow log must be exported in higher-fidelity format (with packet/byte counters and Microsoft service identification). Which version should be c...
Which combination provides DDoS protection plus L7 web protection at Azure's global edge for an internet-facing app?
Which Azure Firewall feature acts as a fully qualified domain name target for outbound HTTPS rules, even on the Standard SKU, using SNI?
A team needs to inspect spoke-to-internet traffic centrally with Azure Firewall Premium IDPS while also forcing all spoke-to-spoke traffic through the...
Which Azure Firewall feature lets you organize and reuse rules across multiple firewall instances?
An Application Gateway WAF policy in prevention mode using OWASP CRS blocks legitimate API requests because of false-positive matches against a single...
An organization uses Azure Firewall Premium with TLS inspection. Certificates for a specific internal application use a self-signed certificate, causi...
Sign in to see all 37 questions
Create a free account to browse all questions — completely free during our launch phase.