Network Diagram PBQs: Exam AZ-500: Microsoft Azure Security Technologies

easy

Question 1 of 3

You are a security engineer configuring an Azure VNet with three subnets for a line-of-business application. The Web Subnet hosts internet-facing resources protected by NSGs. The Application Subnet hosts backend services that should not be directly reachable from the internet. The Data Subnet isolates database resources with the strictest access controls. An Azure Firewall and a web application VM are already deployed. Assign the remaining resources to the correct subnets based on network security best practices.

Network Topology

Web Subnet

Internet-facing — Azure Firewall, Application Gateway, web VMs

Azure Firewall🔒

Web Application VM🔒

Application Subnet

Backend APIs, microservices, internal load balancers

Drop devices here

Data Subnet

Azure SQL, storage accounts, private endpoints

Drop devices here

Available Devices

Drag devices into the correct network zone above

Application Gateway

API Server VM

Azure SQL Private Endpoint

Progress

0 of 3 devices placed

Drag devices into the correct network zones

0 of 3 marked complete