SIMULATION - You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests. To complete this task, sign in to the Azure portal. You do not need to wait for the task to complete.
Suggested Answer:See the explanation below.
You need to enable the Web Application Firewall on the Application Gateway. 1. In the Azure portal, type Application gateways in the search box, select Application gateways from the search results then select the gateway named Homepage-AGW. Alternatively, browse to Application Gateways in the left navigation pane. 2. In the properties of the application gateway, click on Web application firewall. 3. For the Tier setting, select WAF V2. 4. In the Firewall status section, click the slider to switch to Enabled. 5. In the Firewall mode section, click the slider to switch to Prevention. 6. Click Save to save the changes.
Regarding the mode, as long as the application gateway tier is WAF, all traffic would be inspected by the gateway whether in Detection or Prevention mode
Here is a current summary (I have tested it myself in the lab):
1. Sign in to the Azure portal.
2. In the left-hand menu, click on All services.
3. In the All services box, type Application Gateway in the search box, and then click on Application Gateways in the drop-down menu.
4. On the Application Gateways page, click on Homepage-AGW.
5. In the Settings section of the Homepage-AGW page, click on Web application firewall.
6. In the Firewall Status section, toggle the status to WAF2
7. Create a new Application Gateway WAF policy
8. On the Overview Page click on switch to prevent mode (its in the top middle)
Sign in to the Azure portal.
In the left-hand menu, click on All services.
In the All services box, type Application Gateway in the search box, and then click on Application Gateways in the drop-down menu.
On the Application Gateways page, click on Homepage-AGW.
In the Settings section of the Homepage-AGW page, click on Web application firewall.
In the Firewall Status section, toggle the status to Enabled.
In the Firewall Mode section, select Prevention (this mode inspects the incoming requests and denies any malicious requests).
Click on Save at the top of the page to apply the changes.
This is now located in the WAF Policy page. You'd need to click the new WAF policy you had created and select "Switch to prevention mode" in Overview (Section). The 'Policy state' will always be "Enabled" when the policy is associated with an Application Gateway.
Technically we shouldn't need to enable 'Prevention' as per Nnanna29's comment as the question hasn't specified the action to take enforcement actions upon policy ruleset matches
To clarify
> The 'Policy state' will always be "Enabled" when the policy is associated with an Application Gateway.
I meant by default for the first time. One can click the 'disable' (button) on the WAF Policy to toggle the Policy state to Disable.
I would use firewall mode "protection" as long as they don't ask to block some traffic.
Check for WAF modes on this page
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
Should say in "Settings" Section - Properties in left pane are not used for configuration
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.AZ-500 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
planb7000
Highly Voted 4 years, 8 months agoNnanna29
Highly Voted 4 years, 5 months agoCodelawdepp
Most Recent 10 months, 2 weeks agomrt007
1 year agoKelly8023
2 years, 6 months agoKelly8023
2 years, 6 months agolt9898
1 year, 5 months agolt9898
1 year, 5 months agoPpetr0
3 years, 12 months agoCyberbug2021
3 years, 12 months ago