Create and configure Azure Firewall Manager

Practice Test

True/False: Azure Firewall Manager can manage Firewall policy across multiple subscriptions.

• True
• False

Answer: True

Explanation: Azure Firewall Manager is designed to provide centralized network security policy and route management for cloud-based security perimeters, including managing policies across multiple subscriptions.

Which of the following options allow you to use Azure Firewall Manager? (Multiple Select)

• A. Azure Virtual Networks (VNet)
• B. Multiple Subscription Management.
• C. Event Hubs
• D. Integrating with Azure Monitor

Answer: A, B, D

Explanation: Azure Firewall Manager works with Azure Virtual Networks, allows managing multiple subscriptions, and can be integrated with Azure Monitor. It does not have a direct integration with Event Hubs.

True/False: Azure Firewall Manager only supports Infrastructure as a Service (IaaS) resources.

• True
• False

Answer: False

Explanation: Azure Firewall Manager is designed to provide security management for cloud resources, including both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) resources.

During the creation of an Azure Firewall Manager Policy. What do you need to define? (Single select)

• A. IP Addresses
• B. DNS settings
• C. Rules
• D. Subnet Sizes

Answer: C. Rules

Explanation: While creating an Azure Firewall Manager Policy, the most critical thing to define will be the set of rules that the firewall will follow.

True/False: You can use Azure Firewall Manager to enforce threat intelligence-based filtering.

• True
• False

Answer: True

Explanation: Azure Firewall Manager supports threat intelligence-based filtering. It uses data from the Microsoft Threat Intelligence feed for filtering traffic.

True/False: Azure Firewall Manager does not support hybrid connections like VPN or ExpressRoute.

• True
• False

Answer: False

Explanation: Azure Firewall Manager indeed supports hybrid connections including VPN and ExpressRoute.

Which of the following features are not supported by Azure Firewall Manager? (Single select)

• A. Multiple public IP addresses support
• B. Application rule collection
• C. Intrusion detection system
• D. Network rule collection

Answer: C. Intrusion detection system

Explanation: Although Azure Firewall Manager supports many key features, it does not have an in-built Intrusion Detection System.

What is Azure Firewall Manager primarily used for? (Single select)

• A. Load balancing applications
• B. Monitoring application performance
• C. Implementing centralized network security policies
• D. Backing up data

Answer: C. Implementing centralized network security policies

Explanation: Azure Firewall Manager is primarily used for creating, managing, and implementing centralized network security policies.

True/False: Azure Firewall Manager is free of charge.

• True
• False

Answer: False

Explanation: Azure Firewall Manager has associated costs, it is not a free service.

Integration of Azure Firewall Manager with which of the following allows visibility into your applications’ traffic patterns? (Single select)

• A. Azure Traffic Manager
• B. Azure Front Door
• C. Azure Monitor Insight
• D. Azure Load Balancer

Answer: C. Azure Monitor Insight

Explanation: The integration of Azure Firewall Manager with Azure Monitor Insight provides visibility into your applications’ traffic patterns.

Interview Questions

What is Azure Firewall Manager?

Azure Firewall Manager is a security management service that provides centralized network security policy and route management for globally distributed, multi-environment Azure Firewall instances.

Can Azure Firewall Manager manage multiple Azure Firewall instances?

Yes, Azure Firewall Manager can manage and configure multiple Azure Firewall instances throughout your network architecture from a single, centralized place.

What is Firewall Policy in Azure Firewall Manager?

Firewall Policy is a global resource that acts as a container for multiple firewall rules. These policies can be associated with one or more Azure firewalls.

How do you create a new Azure Firewall Manager policy?

You create a new policy through the Azure Portal by going to the Azure Firewall Manager service, choosing “Firewall Policies”, and then clicking on “+ Add firewall policy”.

What is a Hub in Azure Firewall Manager?

A Hub in Azure Firewall Manager is a virtual network where you deploy Azure Firewall instance. It acts as a consolidation point for routing traffic from various Spokes.

Can Azure Firewall Manager integrate with Azure Virtual WAN?

Yes, Azure Firewall Manager can be used with Azure Virtual WAN to centrally manage security policies and route management for various distributed, Internet-facing workloads.

Name the features available with Firewall Policy in Azure Firewall Manager?

With Firewall Policy in Azure Firewall Manager, you can manage rules and configurations, use multiple public IPs, enable Threat Intelligence and Intrusion Detection, utilize application rules, network rules, and more.

Can I use Azure Firewall Manager to manage on-premise firewalls?

No, Azure Firewall Manager is specifically designed to manage and configure Azure Firewall instances. It cannot manage on-premises firewalls.

What are Firewall Threat Intelligence modes in Azure Firewall Manager?

Threat Intelligence modes include Off, Alert and Deny. These modes determine what happens when traffic is detected coming from or going to known harmful IP addresses.

How do I migrate to a Firewall Policy from a traditional firewall rules collection?

In Azure portal, find your firewall resource, on the left menu, under ‘Settings’, select ‘Firewall policy’ then choose migrate rules and settings to a Firewall Policy.

What are Secured Virtual Hubs?

Secured Virtual Hubs are an Azure Virtual WAN Hub with associated security and routing policies, configured by Azure Firewall Manager.

What is a Spoke in Azure Firewall Manager?

A Spoke in Azure Firewall Manager is a virtual network that can be associated with a Hub. Traffic from Spoke to Spoke, or from Spoke to internet, routes through the Hub.

Does Azure Firewall Manager support both IPv4 and IPv6 rules?

As of now, Azure Firewall Manager only supports IPv4 rules.

Can Azure Firewall Manager configure Azure Application Gateway?

No, Azure Firewall Manager does not have the capability to configure Azure Application Gateway.

Can I use Azure Firewall Manager to manage Azure Firewall systems in different subscriptions?

Yes, Azure Firewall Manager can manage Azure Firewall instances across different subscriptions as long as those subscriptions are under the same Azure Active Directory tenant.