🔥 3-day streak
Microsoft Azure Network Engineer Associate23 / 152
Question 23 of 152

Contoso manages security for multiple Azure Firewall instances using Azure Firewall Manager. The security team creates a parent firewall policy named 'Corp-Base' that contains rule collection groups blocking known malicious FQDNs and enforcing threat intelligence. Regional teams need their own policies that add region-specific application rules but must not be able to remove or override the corporate blocking rules. You need to design the policy structure so that regional policies automatically include all Corp-Base rules while allowing regional additions. What should you do?

Reviewed for accuracy · Report an issueNext question