Exam AZ-300 topic 1 question 70 discussion

Box 2: Should be Azure application Gateway and not Azure Security Center. Azure Application Gateway has Web Application Firewall (WAF) functionality that protects the Web App from OWASP attacks. Security Center doesn't give any protection for the Web App, only recommendation on security features.

- App Gateway - App Gateway - Traffic Manager

Application gatway has multiple option while creating the same , you can select Tier WAF V2 or Standard V2 tier as per links below linkhttps://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-web-application-firewall-portal https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal so here neither ASC not AG provides this by default so we can select any of the option but i would prefere AG and once we select Tier WAF V2 prevention is on as compare to ASC where we have 2 option detect and prevent.

for me correct answer is -App Gateway -App Gateway -Traffic Manger following is the justification for the same https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview above link has following line in Azure Security Center section. Application Gateway is integrated with Security Center. Security Center scans your environment to detect unprotected web applications. It can recommend Application Gateway WAF to protect these vulnerable resources. but above is not default we have to configure the same and that is also 2 configuration option "detect" and "prevent" as mentioned in the given playbook https://gallery.technet.microsoft.com/ASC-Playbook-Protect-38bd47ff/file/175705/1/ASC%20Playbook_Protect%20Servers%20With%20Web%20Application%20Firewall.pdf https://azure.microsoft.com/en-in/blog/how-azure-security-center-helps-protect-your-servers-with-web-application-firewall/ so based on the above selected configuration ASC can detect or prevent along with recommendation.

Answer is correct.

The correct answer is: 1. Azure Application Gateway 2. Azure Application Gateway 3. Azure Traffic Manager Reason Because: 1. You can use the Azure Application Gateway to provide SSL offloading and manage the encryption and decryption process. 2. You can use Web Application Firewall feature along with the Azure Application Gateway service to protect the web application against vulnerabilities. 3. You can use the performance routing method in the Azure Traffic Manager service to route traffic based on latency.

Box2: should be Azure Appl Gw (with WAF) . Azure Security Center scans Azure resources for vulnerabilities and recommends mitigation steps for those issues. Reference URL:https://azure.microsoft.com/en-us/blog/azure-security-center-and-microsoft-web-application-firewall-integration/#:~:text=Microsoft%20WAF%20is%20a%20feature,mitigation%20steps%20for%20those%20issues.

AAG AAG (why? https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview. In this article is "rotect your web applications from web vulnerabilities and attacks without modification to back-end code") ATM

given answer is correct. Application Gateway Security Center (App GW doesnt indicate that WAF tier is available. so security center is best option, refer to: https://docs.microsoft.com/en-in/azure/security-center/threat-protection#threat-protection-for-azure-app-service-) Traffic Manager

-App Gateway -App Gateway -Traffic Manger

AG AG (https://azure.microsoft.com/en-gb/blog/azure-web-application-firewall-waf-generally-available/) TM

I prefer to say - application gateway - security center (why: because an application gateway =! application gateway with WAF tier, if it were the case that the box said Application gateway with WAF I'd say it's a preferable option over security center but alas the question does not mention WAF). - traffic manager

Application Gateway Azure Security Center https://azure.microsoft.com/es-es/blog/azure-security-center-can-identify-attacks-targeting-azure-app-service-applications/ Traffic Manger

- App GW - Security Center https://docs.microsoft.com/en-in/azure/security-center/security-center-intro Azure Security Center addresses the three most urgent security challenges: 1. Rapidly changing workloads 2. Increasingly sophisticated attacks - Wherever you run your workloads, the attacks keep getting more sophisticated. You have to secure your public cloud workloads, which are, in effect, an Internet facing workload that can leave you even more vulnerable if you don't follow security best practices. 3. Security skills are in short supply - Traffic Manager

Security Center can also prevent from threats and more sophisticated. Hecen correct answer is - App Gateway - Security Center - Traffic Manager.

The overall question requirement is to protect from Web Vulnerabilities and Protect against attacks. However the drop down is NOT about attacks. That portion is ONLY for Web Vulnerabilities. Hence Security Center should be correct as it protects agains Vulnerabilities. Choosing App Gateway in option A already protects against attacks hence overall requirements are satisfied. - App GW - Security Center - Traffic Manager

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview -App Gateway -App Gateway -Traffic Manger The above document states "Protection Protect your web applications from web vulnerabilities and attacks without modification to back-end code."