ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 6 question 20 discussion

Actual exam question from Microsoft's AZ-500
Question #: 20
Topic #: 6
[All AZ-500 Questions]

HOTSPOT
-

You are implementing an Azure Application Gateway web application firewall (WAF) named WAF1.

You have the following Bicep code snippet.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Mnguyen0503 at Jan. 13, 2024, 4:27 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mnguyen0503
Highly Voted 1 year, 3 months ago
I believe answer is YNY. WAF is in Detection mode, which means it won't take any action. https://learn.microsoft.com/en-us/azure/web-application-firewall/cdn/cdn-overview#waf-modes As far as the file upload limit, I only found 1 article indicating the limit is 2GB. https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-engine
upvoted 16 times
Pamban
11 months, 3 weeks ago
agreed with the explanation. thanks
upvoted 2 times
...
Vokuhila
1 year, 3 months ago
More info about file size limits can be found here https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#application-gateway-limits Maximum file upload size (Standard SKU) V2 - 4 GB V1 - 2 GB
upvoted 4 times
...
...
ITFranz
Most Recent 2 months ago
To support the Anawer: The Web Application Firewall (WAF) policy is set to Detection mode in your Bicep code, the rules will not take any blocking actions on incoming traffic. In Detection mode, the WAF operates as follows: Monitors and logs all threat alerts without blocking requests Inspects incoming requests and matches them against configured rules Logs any matches to the WAF logs for analysis Allows all requests to pass through to the backend, even if they match WAF rules Answer: YNY
upvoted 1 times
...
Hot_156
2 months, 1 week ago
N - The Detection mode only applies to the managed rule sets. Custom rules with action: 'Block' will always block, regardless of the overall WAF mode. N - Detection mode is enabled ??? - Not sure on this one. Does the maxRequestBodySizeInKb:128 affect the upload size?
upvoted 1 times
...
Nhadipour
2 months, 2 weeks ago
1. YES - It's in Detection mode, so it logs but does not block. 2. NO - It's in Detection mode, so does not block. 3. YES - The actual upload limit is 2 GB (V1) or 4 GB (V2)
upvoted 1 times
...
golitech
2 months, 3 weeks ago
NO-> negationCondition is set to true -> it reverts the condition, means everything will be blocked except the mentioned IP range. NO-> It will be detected and created a log YES -> No limitation is defined in the policy. Also it is in detection mode
upvoted 1 times
...
pentium75
9 months ago
NO - the rule has "negationCondition: true", thus block addresses NOT matching 10.10.10.0/24 NO - policy is in Detection mode (might detect attacks but will not block them) YES - policy is in Detection mode and does not contain an upload size limit anyway
upvoted 2 times
pentium75
9 months ago
Sorry, of course Detection mode affects first answer too. So it's YES/NO/YES.
upvoted 2 times
pentium75
9 months ago
There's also some wrong information out there claiming that custom rules would still be applied even in Detection mode, this is wrong "If the WAF policy is set to detection mode, and a custom block rule is triggered, the request is logged and no blocking action is taken."
upvoted 1 times
...
...
...
Jimmy500
10 months ago
Yes, No, Yes First, we need to see that policy is in Detection mode this mean it will not prevent something, also there is OWAPS which will protect us from common attack types, however again policy is in detection mode not prevention mode that is why it will just audit in this case. The third bullet point is the about file upload limit Standard SKU V1, tier allows us to upload max 2GB and Standard SKU V2 allows us to upload us max 4GB. Here question asks 50mb so we can upload it then. Statement-1, Yes Statement-2 No Statement-3 Yes
upvoted 4 times
...
Nava702
1 year ago
Given answers are correct. The block rule has a negate condition, which means all requests originating from anything except the mentioned CIDR range will be blocked.
upvoted 3 times
pentium75
9 months ago
No because policy is in detection mode.
upvoted 1 times
...
...
fireboysz
1 year, 1 month ago
should be YYN: 10.1.1.5 is outside the CIDR range of blocked IP; OWASP blocks common attacks like file path attack, the detection mode in WAF does not mean it will do nothing when attack occurs; the body request for WAF is 128K, due to the OWASP
upvoted 1 times
Apptech
1 year ago
Finally the policy is in detection mode. So, I also go for Y,N,Y
upvoted 2 times
...
Apptech
1 year ago
Look also at Nava702's post about the IP range. You also can see here: https://learn.microsoft.com/en-us/azure/templates/microsoft.network/ApplicationGatewayWebApplicationFirewallPolicies?pivots=deployment-language-bicep
upvoted 1 times
...
Apptech
1 year ago
For File Upload there is another property: fileUploadLimitInMb https://learn.microsoft.com/en-us/azure/templates/microsoft.network/ApplicationGatewayWebApplicationFirewallPolicies?pivots=deployment-language-bicep
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago