HOTSPOT
-
You have an Azure subscription that contains the resources shown in the following table.
VNet1 contains the subnets shown in the following table.
You plan to use the Azure portal to deploy an Azure firewall named AzFW1 to VNet1.
Which resource group and subnet can you use to deploy AzFW1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Tested on my Lab. Firewall must be on the same RG as the AzureFirewallSubnet, which is RG2. If I select RG1 or RG3, Azure gives an error.
R2 AzureFirewallSubnet Came in exam 4th November, pressed with 921 score
Yes. The firewall, VNet, and the public IP address all must be in the same resource group. Answer would be RG2 and then AzureFirewallSubnet
Box 1: RG2, https://learn.microsoft.com/en-us/azure/firewall/firewall-faq
Correct: The firewall, VNet, and the public IP address all must be in the same resource group.
Box 1: RG2 The firewall, VNet, and the public IP address all must be in the same resource group. https://learn.microsoft.com/en-us/azure/firewall/firewall-faq Box 2: AzureFirewallSubnet only The subnet name must be AzureFirewallSubnet. https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
For the Box 1 I agrees it's RG2 as the VNet where the possible AzFW subnets are is in RG2 and AzFW needs to be in same RG than it's subnet. However for the box 2, 3 subnets are in RG2 and have nothing deployed in them, the "AzureFirewallSubnet" subnet name is mandatory ??
https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal "the subnet name must be AzureFirewallSubnet."
VNET1 is in RG2 and has a readily available AzureFirewallSubnet so its RG2 and AzureFirewallSubnet.
In Exam20/07/2024
Supporting the answer. https://learn.microsoft.com/en-us/azure/firewall/firewall-faq Are there any firewall resource group restrictions? Yes. The firewall and VNet must be in the same resource group. The public IP address can be in any resource group. The firewall, VNet, and the public IP address all must be in the same subscription. Answer = R2 AzureFirewallSubnet
1-RG2 2- AzureFirewallSubnet Firewall and Vnet must be in the same RG. Firewall region doesn't matter.
This case study and this question appeared on 15/05/2024 exam. Chosen below answers R2 AzureFirewallSubnet
RG1,2,3 and AzureFirewallSubnet. AzureFirewall and VNet must be in the same Location, but RG can be separate. VNet1 has a Location Central US, so the Firewall must be in Central US. RG doesn't have a Location, so you "can" deploy AzFirewall on all of RG1,2 and 3. In this question, the VNet1 is in RG2, so RG2 is better choice.
in exam 13 Oct
For Box2: It seems answer is AzureFirewallSubnet. Explanation: Azure Firewall Subnet Name is mandatory. https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
>The RG hosting the VNET is in West US. >The VNET itself is in Central US. (a RG deployed to one location can host a VNET deployed to another.) >The FW must be deployed to a VNET in the same RG and location. (so, the FW can only be deployed to RG2 and the Central US Region which is where the VNET is deployed to and can only have a SUBNET that is named AzureFirewallSubnet. Just like the VNET, the FW can be deployed to one region and be hosted in another, but it share the same location as the VNET it will use along with the same RG the VNET is using. 150%
RG2 AZURE FIREWALL, AZURE FIREWALL SUBNET, OR SUBNET 2 ONLY ANY OF THE THREE SUBNETS CAN BE CHOSEN FOR THE FIREWALL BECAUSE THEY ARE IN THE SAME VNET AND CONTAIN NO RESOURCES.
I stand corrected on the second second question: THE SUBNET MUST BE NAMED AzureFirewallSubnet.
Please note that the naming of Subnet is important. Only allowed name is "AzureFirewallSubnet"
AzureFirewallSubnet is the correct answer, deployed in RG3 because VNet1 is in the same location..
Correction: deployed in RG2