Free Microsoft Azure AZ-700 Actual Exam Questions - Question 14 Discussion
HOTSPOT
You have an Azure subscription that contains an Azure Firewall policy named FWPolicy1.
You need to configure FWPolicy1 to meet the following requirements:
• Allow traffic based on the FQDN of the destination.
• Allow TCP traffic based on the source.
Which types of rules should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Application rules are best for filtering by FQDN, while Network rules allow control of TCP traffic by source IP. This matches the need to filter destination domains and source-based TCP traffic separately.
Application rules for FQDN and Network rules for TCP by source IP makes sense here.
For the FQDN filtering part, Application rules are definitely the way to go since they explicitly support domain names. For the TCP traffic filtered by source IP, Network rules fit best because they let you specify source IPs and protocols like TCP. It makes sense to separate these by rule type since Application rules don’t handle source IP filtering well. So, it’s pretty straightforward: Application rules for FQDN and Network rules for TCP by source IP. No need to overcomplicate with Service or NAT rules here.
I agree that Application rules are the go-to for FQDN filtering since they work with domain names. For allowing TCP traffic based on source IP, Network rules make more sense because you can specify IPs and ports there. So, it’s a split: Application rules handle the domain-based filtering, and Network rules handle source-based TCP traffic. That means picking Application rules for the FQDN requirement and Network rules for the TCP source requirement fits perfectly. This matches with option B for FQDN and option A for TCP source.
For the FQDN part, it’s definitely Application rules since they handle domain names. For TCP traffic by source, Network rules fit best because you can specify source IPs there, so B and A make sense.
I’d skip using Network rules for the source-based TCP traffic since they don’t support FQDN filtering. Instead, use Application rules for FQDN filtering and Network rules for TCP traffic based on source IP. Option B and C probably.
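The two rule types discussed in this thread, shown side by side as an added Bicep example that is not part of the original page or the exam material. Only the policy name FWPolicy1 comes from the question; the rule collection group name, API version, priorities, addresses, port and FQDN are constructed assumptions.

```bicep
// Existing policy named in the question.
resource policy 'Microsoft.Network/firewallPolicies@2023-04-01' existing = {
  name: 'FWPolicy1'
}

// Hypothetical rule collection group holding one collection per requirement.
resource rcg 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-04-01' = {
  parent: policy
  name: 'ExampleRuleCollectionGroup' // assumed name
  properties: {
    priority: 200
    ruleCollections: [
      {
        // Requirement 1: allow by destination FQDN -> application rule.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'AllowByFqdn'
        priority: 200
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'allow-example-fqdn'
            sourceAddresses: [ '10.0.1.0/24' ]               // constructed subnet
            protocols: [ { protocolType: 'Https', port: 443 } ]
            targetFqdns: [ 'www.example.com' ]               // constructed FQDN
          }
        ]
      }
      {
        // Requirement 2: allow TCP by source -> network rule.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'AllowTcpBySource'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'allow-tcp-from-subnet'
            ipProtocols: [ 'TCP' ]
            sourceAddresses: [ '10.0.1.0/24' ]               // constructed source range
            destinationAddresses: [ '10.0.2.4' ]             // constructed destination
            destinationPorts: [ '1433' ]                     // constructed port
          }
        ]
      }
    ]
  }
}
```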