Exam SC-100 topic 3 question 8 discussion

https://docs.microsoft.com/en-us/learn/modules/specify-security-requirements-for-applications/5-specify-security-strategy-apis

I would choose C, Application Gateway with WAF. Not Traffic Manager. Traffic Manager is a DNS based routing for performance and speed.

This answer needs to be rectified

To prevent malicious bots from scanning Azure App Service web apps for vulnerabilities while minimizing the attack surface for customers in Europe and the United States, you should recommend C. Azure Application Gateway Web Application Firewall (WAF). C. Azure Application Gateway Web Application Firewall (WAF): Azure Application Gateway with the Web Application Firewall (WAF) is specifically designed for web application security. It provides protection against common web vulnerabilities such as SQL injection, cross-site scripting (XSS), and more. It also includes bot protection capabilities, which can help prevent malicious bots from scanning web apps for vulnerabilities. This aligns with the requirement to prevent bot scanning while minimizing the attack surface.

to prevent malicious bot scanning and minimize the attack surface for the web apps, Azure Application Gateway Web Application Firewall (WAF) is the recommended solution.

The answer is Clear WAF- Azure Web Application Firewall on Azure Application Gateway bot protection overview: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection-overview

Looks like C to me, check out: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection-overview

C is the answer. https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.

Application gateway with waf

App gw waf

https://azure.microsoft.com/en-us/updates/new-bot-protection-rule-set-in-public-preview-for-web-application-firewall-waf-with-azure-front-door-service/

Azure Application Gateway Web Application Firewall (WAF) provides centralized protection for your web applications, helps block common attacks like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), and helps minimize the attack surface by blocking malicious bots from scanning your web apps for vulnerabilities. By using WAF, you can ensure that the web apps are protected against common web application attacks while minimizing the attack surface.

https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection-overview

C. Traffic Manager has no anti-bot capability.

WAF is the answer here.

It is WAF on Azure Application Gateway. Ref: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection-overview

Use Geomatch custom rules. https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/geomatch-custom-rules