Designing and Implementing Azure for AWS Professionals — Question 26

A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.

The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.

You need to determine if ICMP connectivity to VM1 is allowed on FW1.

What should you do?

Answer options

• A. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
• B. Use the ping command targeting the IP address of VM1 and review the command’s response.
• C. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.
• D. Use the ping command targeting the fully qualified domain name of VM1 and review the command’s response.

Correct answer: A

Explanation

The correct answer is A because reviewing the Network rules log of FW1 will provide insights into whether ICMP traffic is allowed through the firewall. Option B does not provide information about firewall rules, and C refers to the Infrastructure rules log, which is not applicable for ICMP. Option D is irrelevant as it targets the FQDN instead of the IP address, which is less useful for checking firewall rules.