ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 4.4: Design Network SolutionsNetworkingHub and SpokeFirewall

AZ-305 · Question 52 · Domain 4.4: Design Network Solutions

You are designing the network architecture for a large enterprise.

The enterprise has an on-premises datacenter connected to Azure via ExpressRoute. In Azure, they have 50 'spoke' Virtual Networks. You need to ensure that all traffic between the spoke VNets, and all traffic from the spoke VNets to the Internet, is inspected by a centralized firewall.

Which network topology and routing configuration should you recommend?

Answer options:

A.

Mesh topology with VNet Peering between all 50 spokes.

B.

Hub and Spoke topology with Azure Firewall in the hub, and User Defined Routes (UDRs) on the spoke subnets pointing to the Firewall.

C.

Hub and Spoke topology with Network Security Groups (NSGs) on every spoke subnet.

D.

Azure Virtual WAN with a Basic Virtual Hub.

How to approach this question

Centralized inspection requires a Hub and Spoke. Forcing traffic to the firewall requires UDRs.

Full Answer

B.Hub and Spoke topology with Azure Firewall in the hub, and User Defined Routes (UDRs) on the spoke subnets pointing to the Firewall.✓ Correct
Hub and Spoke topology with Azure Firewall in the hub, and User Defined Routes (UDRs) on the spoke subnets pointing to the Firewall.
A Hub and Spoke topology centralizes shared services. To enforce security, an Azure Firewall is placed in the Hub VNet. However, by default, peered VNets route traffic directly to each other. To force the traffic through the firewall for inspection, you must deploy User Defined Routes (UDRs) on the spoke subnets, setting the 'Next Hop' to the private IP address of the Azure Firewall.

Common mistakes

Forgetting the UDRs. Just placing a firewall in the hub does nothing unless you manipulate the routing tables to send traffic to it.
51All questions53

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 4

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01CASE STUDY: Tailspin Toys Tailspin Toys is a global manufacturing company with 50,000 employees ...MediumQ02CASE STUDY: Tailspin Toys Tailspin Toys is a global manufacturing company with 50,000 employees ...MediumQ03CASE STUDY: Tailspin Toys Tailspin Toys is a global manufacturing company with 50,000 employees ...HardQ04CASE STUDY: Tailspin Toys Tailspin Toys is a global manufacturing company with 50,000 employees ...MediumQ05CASE STUDY: Tailspin Toys Tailspin Toys is a global manufacturing company with 50,000 employees ...Hard
View all 55 questions →