Exam AZ-900 topic 1 question 246 discussion

Perimeter layer. Please someone change the answer.

Perimeter layer Same question before this

The correct answer is: networking layer. Explanation: Azure Distributed Denial of Service (DDoS) protection is implemented at the networking layer (Layer 3 and 4) of the OSI model. This service protects resources like virtual networks and public-facing applications from volumetric attacks and protocol-level attacks that occur at the network layer.

As per https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview, Azure Distributed Denial of Service (DDoS) protection operates at the network layer (Layer 3 and Layer 4). So, Network layer is correct answer

If you have to choose one, Azure DDoS Protection is best categorized as a perimeter security feature. Here’s why: Perimeter Layer Protection: Azure DDoS Protection is designed to defend against large-scale network and transport layer attacks (Layer 3 and Layer 4), which are often aimed at overwhelming network resources. It is part of the broader set of security measures intended to protect the perimeter of your network infrastructure, effectively mitigating threats before they impact your applications or services. Although Azure DDoS Protection operates at the network and transport layers, it is generally considered a perimeter security measure because it helps protect the boundary of your network from external threats.

The physical security layer is the first line of defense to protect computing hardware in the datacenter. The identity and access layer controls access to infrastructure and change control. The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users. The network layer limits communication between resources through segmentation and access controls. The compute layer secures access to virtual machines. The application layer helps ensure that applications are secure and free of security vulnerabilities. The data layer controls access to business and customer data that you need to protect.

même Question n° : 232 , couche 3

"Azure" DDoS Protection protects at layer 3 and layer 4 network layers. For web applications protection at layer 7, you need to add protection at the application layer using a WAF offering. Answer: Networking Layer https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview

As per Kevin Brown: Perimeter •Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users. •Use perimeter firewalls to identify and alert on malicious attacks against your network.

Azure distributed denial of service (DDoS) protection is an example of protection that is implemented at the perimeter layer. Explanation: Based on the context, the perimeter layer refers to the security measures that are implemented at the outermost boundaries of the network, which is where Azure DDoS protection operates. It is designed to protect the network perimeter from large-scale attacks and filter malicious traffic before it affects system availability. This aligns with the general security principle of creating a defensive barrier at the network's edge.

Perimeter The network perimeter protects from network-based attacks against your resources. Identifying these attacks, eliminating their impact, and alerting you when they happen are important ways to keep your network secure. At this layer, it's important to: Use DDoS protection to filter large-scale attacks before they can affect the availability of a system for users. Use perimeter firewalls to identify and alert on malicious attacks against your network.

The given answer is wrong! The correct answer should be "Perimeter layer" because the reference here is to the Defense-in-depth model and not to the OSI model. See the link below under section "Perimeter". https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/8-describe-defense-depth

This is a question about Defense in Depth and not The OSI model. In a Defense in depth context DDOS is applied at the Perimeter layer within Azure. The comments about layer 3 and Network are crossing over into where DDoS would sit within the OSI model, which has a "network" layer (1=physical, 2=datalink, 3=network, 4=transport etc). This is a more general network question that you'd expect on a network security exam perhaps, but is not specific to Azure implementation of DDoS

please do not get confused it is "Perimeter" Layer

Same question and answer as before: Perimeter layer, not network layer.

Saving everyones time from MS - Question # 10 (Multiple Choice) Which defense in depth layer uses distributed denial of service (DDoS) protection? A. Physical security layer B. Perimeter layer C. Network layer D. Application layer Item Description Answer: B Objective: 2.4 Describe Azure identity, access, and security Rationale: The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users. URL: https://learn.microsoft.com/training/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth

ohhh f im going to get one anwer wrong but its fine. damm micosoft you doing it dirty