AZ-500 Secure networking • Timed 15 Questions
This is a timed practice session. You have 15 minutes to answer 15 questions — approximately 1 minute per question, matching real AZ-500 exam pace. Answer every question before time expires.
Time remaining
15:00
Exam-pace drill
Allow 1 minute per question. On the real AZ-500 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A company has a hub-spoke network topology. The hub virtual network contains an Azure Firewall and an ExpressRoute gateway for on-premises connectivity. The spoke virtual network hosts a critical application. They need to ensure that all outbound traffic from the spoke to the internet and to on-premises networks is routed through the Azure Firewall. They configure a user-defined route (UDR) on the spoke subnet with address prefix 0.0.0.0/0 and next hop as the Azure Firewall's private IP. They also disable 'Virtual network gateway route propagation' on the spoke subnet. However, traffic to on-premises still bypasses the firewall and goes through the ExpressRoute gateway. What is the most likely cause?