ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-300 All Questions

View all questions & answers for the AZ-300 exam
Go to Exam

Exam AZ-300 topic 3 question 12 discussion

Actual exam question from Microsoft's AZ-300
Question #: 12
Topic #: 3
[All AZ-300 Questions]

HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.

You need to deploy a load-balancing solution for two Azure web apps named App1 and App2 to meet the following requirements:
✑ App1 must support command injection protection.
✑ App2 must be able to use a static public IP address.
✑ App1 must have a Service Level Agreement (SLA) of 99.99 percent.
Which resource should you use as the load-balancing solution for each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: AGW1 -
Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.

Box 2: ELB1 -
Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses also enable Azure resources to communicate outbound to Internet and public-facing Azure services with an IP address assigned to the resource.
Note: In Azure Resource Manager, a public IP address is a resource that has its own properties. Some of the resources you can associate a public IP address resource with are:
✑ Virtual machine network interfaces
✑ Internet-facing load balancers
✑ VPN gateways
✑ Application gateways
References:
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-ip-addresses-overview-arm
by Musk at Dec. 9, 2019, 9:28 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
bbbb
Highly Voted 5 years, 7 months ago
I think the question has a typo. The Application Gateway (even v2) only has an SLA of 99.95 - https://azure.microsoft.com/en-in/support/legal/sla/application-gateway/v1_2/ I'd suggest that the App Gateway with WAF meets App1 requirements (WAF gives the SQL injection protection) and the App2 can be done with a public load balancer. You wouldn't use an App Gateway for App2 alone as it would be more costly than a public load balancer. Also you'd only use an internal load balancer for connectivity between say some web apps and back-end databases.
upvoted 29 times
...
tobya
Highly Voted 5 years ago
App1 is AGW1 App2 is AGW2 They are are both web apps. You can't deploy layer4 load balancer to an azure webapp
upvoted 18 times
ercank
4 years, 11 months ago
Agree. It looks the best fit for this question.
upvoted 4 times
...
...
azurehunter
Most Recent 4 years, 8 months ago
I believe there is an error in question. If "App2 must have a Service Level Agreement (SLA) of 99.99 percent", then given answer is perfect.
upvoted 2 times
...
umangsingh123
4 years, 10 months ago
It should be AppGW1 and AppGW2 . refer to link below https://azure.microsoft.com/en-us/blog/taking-advantage-of-the-new-azure-application-gateway-v2/
upvoted 1 times
...
studdent
4 years, 10 months ago
Decision tree for load balancing: 1. Is it a web app? Yes - AG, No- LB https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview#decision-tree-for-load-balancing-in-azure
upvoted 1 times
studdent
4 years, 10 months ago
Public IPs can be assigned to network interfaces, standard public load balancers, or Application Gateways. https://docs.microsoft.com/en-us/azure/virtual-network/public-ip-addresses#standard
upvoted 1 times
...
...
saran1987
4 years, 10 months ago
For both the apps, it should be Application Gateway Standard V2. Ref from Microsoft: Application Gateway is available under a Standard_v2 SKU. Web Application Firewall (WAF) is available under a WAF_v2 SKU. The v2 SKU offers performance enhancements and adds support for critical new features like autoscaling, zone redundancy, and support for static VIPs https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant
upvoted 1 times
...
macco455
4 years, 11 months ago
HTTP(S) load-balancing services are Layer 7 load balancers that only accept HTTP(S) traffic. They are intended for web applications or other HTTP(S) endpoints WIth that info, it seems that App 1 is AGV2 and App 2 AGV1.
upvoted 2 times
...
praveen97
5 years ago
Answer is 1. AGW1 - since App1 supports command Injection protection. WAF protects that. So App GW with WAF (AGW1) is the answer. https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-faq#what-is-azure-waf 2. ELB1 - External/Public load balancer requires Public IP address. It can be can be Basc/Standard SKU since both of them supports Static Public IP. (Standard SKU doesn't support Dynamic IP address assignment) https://docs.microsoft.com/en-us/azure/load-balancer/components#frontend-ip-configuration-
upvoted 6 times
SinghJagdeep
4 years, 11 months ago
Correct Answers, as application gateway does not support static IP.
upvoted 1 times
Madhu1
4 years, 10 months ago
It does support if its Application Gateway v2 SKU https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq
upvoted 1 times
...
...
...
gboyega
5 years ago
This question is confusing. A standard and Basic Load Balancers can use Standard Public IP addresses
upvoted 2 times
gboyega
5 years ago
Only the Standard APP-GATEWAY cant use Standard Public IP address
upvoted 1 times
gboyega
5 years ago
I meant to say static
upvoted 1 times
...
...
...
Ashwinee
5 years, 1 month ago
App2 requires just public ip. It can be done with basic load balancer as well, why do we need standard load balancer
upvoted 1 times
angelsrp
5 years, 1 month ago
Given answers are correct. You cant use a load balancer with an application service.
upvoted 1 times
angelsrp
5 years, 1 month ago
*incorrect, app2 should use appw2
upvoted 1 times
tmurfet
5 years ago
I agree you can't use a load balancer with a web app so App2 must be appw2.
upvoted 1 times
...
...
...
...
gresina
5 years, 2 months ago
App 1: ELB1- only the standard load balancer has got 99.99% SLA App 2: AGW2 - external load balancer and type 2 AG can get STATIC PUBLIC IP, App 1 got the external load balancer, so no other solution Top-level resource IP Address association Dynamic Static Virtual machine Network interface Yes Yes Internet-facing Load balancer Front-end configuration Yes Yes VPN gateway Gateway IP configuration Yes No Application gateway Front-end configuration Yes (V1 only) Yes (V2 only)
upvoted 4 times
...
arbasu
5 years, 2 months ago
App1 - agw1 ( supports waf) app2 - agw2 ( can be elb as well ) .. agw2 is v2 : https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq#does-the-ip-or-dns-name-change-over-the-lifetime-of-the-application-gateway
upvoted 2 times
arbasu
5 years, 2 months ago
on the 2nd thought, agw1 - is standard and not v2, so sla of 99.99 cannot be achieved, on the other hand, load balancer cannot provide waf. so i don't see a solution for app1 unless there is multiselect option
upvoted 2 times
...
...
PatMan
5 years, 2 months ago
There must be a typo in this because you cannot have command injection protection (AG GW WAF) with an SLA of 99.99%. Probably for App1 you just require command injection protection which makes the answer AGW1. For App2 you need static public IP & SLA of 99.99% which the correct answer is ELB1
upvoted 3 times
...
ReffG
5 years, 2 months ago
App1 = AGW1 (WAF enabled to meet requirement injection protection) App2 = ELB1 (Standard LB with SLA of 99,99%, AGW has SLA of 99,95)
upvoted 10 times
...
AnshMan
5 years, 7 months ago
Based on SLA 99.95 for AG2, answer would be ELB1 ILB1
upvoted 1 times
...
Benkyoujin
5 years, 7 months ago
Why is App2 ELB? App gateway also supports external IPs.
upvoted 2 times
...
Musk
5 years, 7 months ago
Application Gateway is 99.95% SLA according o several Azure pages
upvoted 5 times
onlyfunmails
5 years, 7 months ago
AG V2 is zone-reduntant based with SLA 99.99% to be used for APP1.
upvoted 7 times
qr
5 years, 5 months ago
onlyfunmails is right. question is redundant now: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant
upvoted 1 times
qr
5 years, 5 months ago
just to update on this. correct answers would be Box 1 :AGW2 and Box 2: ELB(internet facing - https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-ip-addresses-overview-arm#public-ip-addresses)
upvoted 1 times
BeCalmAndSmile
5 years, 3 months ago
AGW2 doesn't mention enabling WAF though?
upvoted 2 times
tartar
4 years, 10 months ago
AGW AGW
upvoted 3 times
...
Load full discussion...
...
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel