ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-301 All Questions

View all questions & answers for the AZ-301 exam
Go to Exam

Exam AZ-301 topic 17 question 28 discussion

Actual exam question from Microsoft's AZ-301
Question #: 28
Topic #: 17
[All AZ-301 Questions]

You are designing a solution that will host 20 different web applications.
You need to recommend a solution to secure the web applications with a firewall that protects against common web-based attacks including SQL injection, cross- site scripting attacks, and session hijacks. The solution must minimize costs.
Which three Azure features should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. VPN Gateway
  • B. URL-based content routing
  • C. Multi-site routing
  • D. Web Application Firewall (WAF)
  • E. Azure ExpressRoute
  • F. Azure Application Gateway
Show Suggested Answer Hide Answer
Suggested Answer: DEF 🗳️
The web application firewall (WAF) in Azure Application Gateway helps protect web applications from common web-based attacks like SQL injection, cross-site scripting attacks, and session hijacks. It comes preconfigured with protection from threats identified by the Open Web Application Security Project (OWASP) as the top 10 common vulnerabilities.
ExpressRoute connections do not go over the public Internet and thus can be considered more secure than VPN-based solutions. This allows ExpressRoute connections to offer more reliability, faster speeds, lower latencies, and higher security than typical connections over the Internet.
Reference:
https://azure.microsoft.com/en-us/updates/application-gateway-web-application-firewall-in-public-preview/ https://docs.microsoft.com/en-us/azure/security/fundamentals/overview
by PDR at Jan. 1, 2020, 10:28 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PDR
Highly Voted 5 years, 6 months ago
Answer is incorrect and should be B,D,F B - URL Based content routing so we can use a single Application gateway and route the requests to each of the 20 different web applications D - for the web based attack protection F - Application gateway lets us use B and D Expressroute is a service that is used to provide a direct connection to azure from a location. It is an expensive service (as requires a private leased line connection) so certainly doesn't minimize costs, plus the requirement does not mention needed a private connection to the web applications so we assume they are publicly accessible.
upvoted 57 times
jimmyjose
4 years, 9 months ago
The correct answer is C, D, F. You are designing a solution that will host 20 different web applications, like 123.abc.com, 456, xyz.com, etc. B. URL-based content routing will distinguish between "123.abc.com/url1" and "123.abc.com/url2", etc. Same website but different 'URL'. C. Multi-site routing will distinguish between websites, like 123.abc.com, 456.xyz.com, etc.
upvoted 18 times
tartar
4 years, 9 months ago
CDF is ok
upvoted 6 times
...
...
...
yogi2020
Highly Voted 5 years, 4 months ago
it should be CDF, as difference between Multisite and URL routing is that, multisite will allow the use of one Application Gateway for all 20 sites and point to them their backend pools. https://docs.microsoft.com/en-us/azure/application-gateway/multiple-site-overview
upvoted 33 times
SilentH
5 years, 2 months ago
Yogi2020 is correct, the answer should be CDF. B: URL-based content routing will only go to one web site (i.e. web app) but route based on the URL within that site (e.g. /images/* vs /video/*) C: This will enable the AAG to route between different web sites (i.e. web apps). For example: contoso.com vs. fabrikam.com Ref: * URL-routing: https://docs.microsoft.com/en-us/azure/application-gateway/url-route-overview * Site-routing: https://docs.microsoft.com/en-us/azure/application-gateway/multiple-site-overview
upvoted 11 times
Daren
5 years, 2 months ago
Agree here. CDF should be correct as multi site supports up to 100 different websites. No need for express route.
upvoted 2 times
...
qqqqqq123456
5 years ago
Different web applications and different domain names are not the same things. You may have multiple web applications in the same domain name with different paths (urls). For instance when you deploy to tomcat java wars you will get different paths for different web apps in the same domain. And in question "will host 20 web apps" might mean "you have them all in one domain". I am not sure what is better here B or C, I think both should be correct.
upvoted 1 times
...
...
[Removed]
5 years, 2 months ago
it says features. App Gateway and ExpressRoute are products not features. B, C & D maybe?
upvoted 4 times
Coolking
5 years, 2 months ago
I agree, Azure Application Gateway is an Azure Service and not Azure feature. For the, the answer is B,C,D
upvoted 1 times
Coolking
5 years, 2 months ago
https://docs.microsoft.com/en-us/azure/application-gateway/features URL based routing, multi-site routing, WAF are features of Azure Application Gateway
upvoted 1 times
...
...
...
...
Mintea
Most Recent 4 years, 7 months ago
Agree with CDF. The question is asking Which three Azure features should you recommend? When you use application gateway with WAF, you need multi site feature (C) to host 20 different web application (assuming they are in different domain), it can't be done with express route.
upvoted 2 times
widurr
4 years, 4 months ago
It doesn't say 20 different websites, but applications. It can be "abc.com/app1", "abc.com/app2" ... "abc.com/app20"
upvoted 1 times
...
...
tundervirld
4 years, 9 months ago
Express route is for OnPremise to Cloud secure connections in backbone azure throughs an provider service, in the question don't says anything about it. so: Multi-site routing WAF Azure Application gateway
upvoted 1 times
...
fiol82
4 years, 9 months ago
"ExpressRoute connections do not go over the public Internet and thus can be considered more secure than VPN-based solutions" this is interesting...
upvoted 1 times
...
Nehuuu
4 years, 9 months ago
Should be CDF
upvoted 2 times
...
jivom
4 years, 10 months ago
Answer is either C D F or A D F, we really don't have a good enough question to know what exactly they want to ask for...
upvoted 2 times
...
aMaineCloud
4 years, 11 months ago
The questions says - You need to recommend a solution to SECURE the web applications with a firewall. BDF
upvoted 2 times
...
Kaawa
4 years, 11 months ago
It's NOT mentioning anywhere that those web applications are private (e.g., for corp employees) so VPN and ExpressRoute are out. So, C D F are my answer, final.
upvoted 1 times
...
PhenomMpho
4 years, 11 months ago
The correct answer should be B,D,F.
upvoted 1 times
gboyega
4 years, 11 months ago
Wrong. It is C,D,F. B is wrong because we have 20 different websites not the same website
upvoted 6 times
...
...
alwayslearn
4 years, 11 months ago
CDF C because There are three common mechanisms for enabling multiple site hosting on the same infrastructure.Host multiple web applications each on a unique IP address. https://docs.microsoft.com/en-us/azure/application-gateway/multiple-site-overview D: obvious for firewall F: Gateway is needed in this scenario.
upvoted 4 times
...
NKnab
4 years, 11 months ago
cdf- app gateway, multi site routing(20 websites) and f
upvoted 1 times
...
Nitink
4 years, 12 months ago
C, D, F
upvoted 2 times
...
Prash85
4 years, 12 months ago
C. Multi-site routing - 20 Different Web App D. Web Application Firewall (WAF) F. Azure Application Gateway
upvoted 5 times
...
AZViewer
5 years ago
the answer should be DEF, i am surprised how can Multi-site routing stop the attacks, as its the feature of WAF for routing to different URL'S?
upvoted 1 times
...
DeveshSolanki
5 years ago
Answer is C, D, F C. Multi-site routing D. Web Application Firewall (WAF) F. Azure Application Gateway
upvoted 5 times
...
chaudh
5 years ago
You guys are out of focus. The question ask for solution to secure the webapp and you got interference on "20 different web applications". Either url-base or multi-site routing is working with AGW but not part of security solution. obviously D & F are correct. B & C are not part of security solution. A & E are both secure, with A, connection is encrypted, with E, connection is private. The question doesn't ask which one is most secure, only minimize cost. So A is my choice. ADF is my answer.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel