HOTSPOT - You are evaluating the security of ClaimsApp. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Box 2: Yes - Users will connect to ClaimsApp by using a URL of https://claims.fabrikam.com. Need certificate for HTTPS.
TLS/SSL certificates - To enable the HTTPS protocol for securely delivering content on a Front Door custom domain, you must use a TLS/SSL certificate. You can choose to use a certificate that is managed by Azure Front Door or use your own certificate.
Box 3: Yes - By default, Azure Front Door will respond to all user requests regardless of the location where the request is coming from. In some scenarios, you may want to restrict the access to your web application by countries/regions. The Web application firewall (WAF) service in Front Door enables you to define a policy using custom access rules for a specific path on your endpoint to either allow or block access from specified countries/regions. Note: Requirements. Security Requirements Fabrikam identifies the following security requirements: ג€¢ Internet-accessible applications must prevent connections that originate in North Korea. Reference: https://techcommunity.microsoft.com/t5/azure-architecture-blog/permit-access-only-from-azure-front-door-to-azure-app-service-as/ba-p/2000173 https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https#tlsssl-certificates
YYY is the answer.
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https#tlsssl-certificates
To enable the HTTPS protocol for securely delivering content on a Front Door custom domain, you must use a TLS/SSL certificate. You can choose to use a certificate that is managed by Azure Front Door or use your own certificate.
https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering
By default, Azure Front Door will respond to all user requests regardless of the location where the request is coming from. In some scenarios, you may want to restrict the access to your web application by countries/regions. The Web application firewall (WAF) service in Front Door enables you to define a policy using custom access rules for a specific path on your endpoint to either allow or block access from specified countries/regions.
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq#what-regions-is-the-service-available-in-
Azure Front Door is a global service and isn't tied to any specific Azure region. The only location you need to specify while creating a Front Door is the resource group location, which is specifying where the metadata for the resource group gets stored. The Front Door profile itself is created as a global resource and the configuration is deployed globally to all edge locations.
Focusing on this "ClaimsApp will be deployed to Azure App Service instances that connect to Vnet1 and Vnet2" and with those two Vnet's in different regions, which is supported by FD; my answer would be Yes/Yes/Yes
Front Door is non-regional and can be used across regions. Therefore, as noted in the case: "A virtual network named Vnet1 in the East US Azure region
A virtual network named Vnet2 in the West Europe Azure region", and with ClaimsApp being deployed to both vNet's; I believe its YES to first item.
For Box 1 I would choose Yes
The question is whether 'FD1 can be used to protect all the instances of ClaimsApp.'. The requirement also mentioned 'ClaimsApp will be deployed to Azure App Service instances'. So the required scope of protection is only App Service instances, not Vnet1, Vnet2 and ClaimsDB.
Azure Front Door with WAF able to protection layer 7 web application hosted in Azure App Service.
Azure Web Application Firewall on Azure Front Door
https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview
Q1, FD1 be used to protect all the instances of ClaimsApp. as per case study. ClaimsApp will be deployed to Azure App Service instances that connect to Vnet1 and Vnet2. Maybe the answer is no because it cant protect Vnet1 and Vnet2 it is a layer 7 firewall to protect web apps. any thoughts?
The front door only works with HTTP and HTTPS, and connections to a database use other ports or protocols.
In this case, only the web app can be protected, since the question is related to all instances it can't protect the DB.
I don't know if there are others instances can't be protected. But from what I read, ClaimsDB is not asked in the question. The question only mentioned ClaimsApp, which is the app service itself.
When it says "all instances of ClaimsApp", I would interpret that as how many instances of the app itself and not the related database, etc.. Tricky misleading question in my opinion.
upvoted 3 times
...
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
emiliocb4
Highly Voted 2 years, 1 month agozellck
Highly Voted 1 year, 5 months agozellck
1 year, 5 months agozellck
1 year, 5 months agoslobav
Most Recent 1 year, 1 month agoRamye
10 months agoGurulee
1 year, 7 months agoGurulee
1 year, 8 months agoOrangeSG
1 year, 9 months agodarren888
2 years, 2 months agoMallonoX_111
2 years, 2 months agoGranwizzard
2 years, 2 months agopangchn
2 years, 2 months agoGranwizzard
2 years, 2 months agoGurulee
1 year, 7 months ago