Domain 4.4: Design Network Solutions — AZ-305 Practice Question 52

How to approach this question

Centralized inspection requires a Hub and Spoke. Forcing traffic to the firewall requires UDRs.

Full Answer

B.Hub and Spoke topology with Azure Firewall in the hub, and User Defined Routes (UDRs) on the spoke subnets pointing to the Firewall.✓ Correct

A Hub and Spoke topology centralizes shared services. To enforce security, an Azure Firewall is placed in the Hub VNet. However, by default, peered VNets route traffic directly to each other. To force the traffic through the firewall for inspection, you must deploy User Defined Routes (UDRs) on the spoke subnets, setting the 'Next Hop' to the private IP address of the Azure Firewall.

Common mistakes

Forgetting the UDRs. Just placing a firewall in the hub does nothing unless you manipulate the routing tables to send traffic to it.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 4

More questions from this exam