ExpertThis question is part of a case study — click to read the full scenario(Case 51)
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 1 of 5:
To meet the global failover requirement, the New York datacenter must be able to communicate with the Europe West Azure region if US East fails.
Which ExpressRoute feature or architecture should you implement?
AZ-305 · Question 52 · Domain 4.4: Design network solutions
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 2 of 5:
To meet the requirement for centralized outbound internet inspection, you deploy Azure Firewall in the Hub VNet.
The security team mandates that the firewall must be able to inspect the payload of encrypted HTTPS traffic to detect malware, and it must use signature-based detection to block known malicious traffic.
Which TWO features of Azure Firewall must you utilize? (Select TWO)
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 2 of 5:
To meet the requirement for centralized outbound internet inspection, you deploy Azure Firewall in the Hub VNet.
The security team mandates that the firewall must be able to inspect the payload of encrypted HTTPS traffic to detect malware, and it must use signature-based detection to block known malicious traffic.
Which TWO features of Azure Firewall must you utilize? (Select TWO)
Answer options:
TLS Inspection
Network Rules
Intrusion Detection and Prevention System (IDPS)
Threat Intelligence based filtering
Application Rules
How to approach this question
Full Answer
Common mistakes
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 3
55 questions · hints · full answers · grading