Designing and Implementing Azure for AWS Professionals — Question 15
You manage an Azure Firewall named FW1. FW1 includes a policy named Policy1. The policy contains a single rule collection group with the priority 300 and the following settings:
• A network rule collection with the priority 500
• A destination network address translation (DNAT) rule collection with the priority 300
You use the public IP address assigned to FW1 to connect to an Azure virtual machine (VM) named VM1 by using Remote Desktop from a home computer.
An administrator creates a policy named Policy2. The policy contains a single rule collection group with the priority 500 and the following settings:
• A network rule collection with the priority 600
• A DNAT rule collection with the priority 400
• Threat intelligence
• TLS inspection
The administrator configures Policy2 as a parent of Policy1.
You observe that you can no longer connect to VM1 with Remote Desktop by using the public IP address assigned to FW1 from your home computer.
You need to repair the connection.
What should you do?
Answer options
- A. Increase the priority of the DNAT rule collection of Policy2.
- B. Increase the priority of the rule collection group of Policy2.
- C. Modify TLS inspection settings.
- D. Modify threat-intelligence settings.
Correct answer: A
Explanation
The correct answer is A because increasing the priority of the DNAT rule collection in Policy2 allows it to take precedence over the conflicting rules, thereby restoring the Remote Desktop connection. The other options do not directly address the issue of rule priority that is preventing the connection to VM1.