New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-500 Exam - Topic 10 Question 78 Discussion

Actual exam question for Microsoft's AZ-500 exam
Question #: 78
Topic #: 10
[All AZ-500 Questions]

You have an Azure subscription that contains the resources shown in the following table.

You need to configure AFW1 to only allow traffic from VM1 to storage accounts in the West US Azure region. The solution must minimize administrative effort.

What should you configure?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Edwin at Jan 14, 2025, 04:27 AM

Limited Time Offer

25%

Off

Get Premium AZ-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Maryrose
3 months ago
Nah, I think a DNAT rule could be useful here.
upvoted 0 times
...
Nichelle
3 months ago
Surprised this is even a question, it's pretty straightforward!
upvoted 0 times
...
Florinda
3 months ago
I thought an application rule might work too...
upvoted 0 times
...
Penney
4 months ago
Totally agree, network rules are the way to go!
upvoted 0 times
...
Johna
4 months ago
You need a network rule for that.
upvoted 0 times
...
Tayna
4 months ago
I’m confused about whether to use a network rule or an application rule. I need to recall which one is more focused on IP-based filtering.
upvoted 0 times
...
Ernest
4 months ago
I’m leaning towards the DNAT rule, but I feel like that’s more for translating addresses rather than just allowing traffic from one VM.
upvoted 0 times
...
Winfred
5 months ago
I remember practicing a similar question where we had to restrict access to storage accounts. I think an application rule might be more appropriate, but I could be wrong.
upvoted 0 times
...
Jerlene
5 months ago
I think we need to set up a network rule since it specifically controls traffic flow, but I'm not entirely sure if that's the best option here.
upvoted 0 times
...
Felix
5 months ago
An application rule seems like it would be more complex than necessary. I'd focus on the network rule to keep things simple and efficient.
upvoted 0 times
...
Gail
5 months ago
An SNAT private IP address range could work, but that might be overkill for this scenario. I'd probably go with the network rule option.
upvoted 0 times
...
Tiffiny
5 months ago
Hmm, I'm not sure if a DNAT rule would be the right solution since we need to restrict traffic to a specific region, not just a specific VM.
upvoted 0 times
...
Verona
5 months ago
I think a network rule would be the best approach here to minimize administrative effort and only allow traffic from VM1 to the West US storage accounts.
upvoted 0 times
...
Shantay
1 year ago
But wouldn't a network rule be more specific and efficient in this scenario?
upvoted 0 times
...
Jina
1 year ago
I disagree, I believe the answer is A) a DNAT rule.
upvoted 0 times
...
Evan
1 year ago
Haha, this question is a real brain-teaser! I'm leaning towards B) a network rule, but I can see the argument for D) an application rule too. Gotta love these Azure firewall questions.
upvoted 0 times
Sheridan
1 year ago
User3: Yeah, I would go with B) a network rule as well.
upvoted 0 times
...
Lorean
1 year ago
User2: I agree, it seems like the most logical choice.
upvoted 0 times
...
Hannah
1 year ago
User1: I think B) a network rule is the way to go.
upvoted 0 times
...
...
Shantay
1 year ago
I think the answer is B) a network rule.
upvoted 0 times
...
Cherilyn
1 year ago
Hmm, I'm not sure. B) a network rule seems like the most straightforward option, but D) an application rule could also work if we need to specify the specific application protocol and port.
upvoted 0 times
...
Brynn
1 year ago
I think the answer is B) a network rule. This would allow us to configure the firewall to only allow traffic from VM1 to the specific storage accounts in the West US region, which is what the question is asking for.
upvoted 0 times
Elenore
1 year ago
Definitely, B) a network rule is the way to go in this situation.
upvoted 0 times
...
Denny
1 year ago
Yes, a network rule would be the best option for this scenario.
upvoted 0 times
...
Jenelle
1 year ago
I agree, B) a network rule is the correct answer.
upvoted 0 times
...
...

Save Cancel