Exam AZ-500 topic 6 question 20 discussion

Actual exam question from Microsoft's AZ-500
Question #: 20
Topic #: 6

HOTSPOT

You are implementing an Azure Application Gateway web application firewall (WAF) named WAF1.

You have the following Bicep code snippet.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

Mnguyen0503
Highly Voted 1 year, 5 months ago
I believe the answer is YNY. WAF is in Detection mode, which means it won't take any action. https://learn.microsoft.com/en-us/azure/web-application-firewall/cdn/cdn-overview#waf-modes
As for the file upload limit, I only found 1 article indicating the limit is 2GB. https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-engine
upvoted 17 times
Pamban
1 year, 1 month ago
Agreed with the explanation. Thanks.
upvoted 2 times
Vokuhila
1 year, 5 months ago
More info about file size limits can be found here: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#application-gateway-limits
Maximum file upload size (Standard SKU): V2 - 4 GB, V1 - 2 GB
upvoted 4 times
luisribeiro199
Most Recent 4 weeks, 1 day ago
YES
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview
If the WAF policy is set to detection mode, and a custom block rule is triggered, the request is logged and no blocking action is taken.
NO
Detection mode otherwise blocked because of OWASP 3.2
YES
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits
The request body size field and the file upload size limit are both configurable within the Web Application Firewall. The maximum request body size field is specified in kilobytes and controls overall request size limit excluding any file uploads. The file upload limit field is specified in megabytes and it governs the maximum allowed file upload size.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-application-gateway-limits
For the request size limits and file upload size limit, see Application Gateway limits.
Maximum file upload size (Standard SKU): V1 - 2 GB, V2 - 4 GB
upvoted 2 times
mmmyo
1 month, 3 weeks ago
Y - 10.1.1.5 is outside of the block IP range.
N - It's in Detection mode.
N - Maximum request body size is 128KB so WAF will not allow the upload.
upvoted 1 times
ITFranz
4 months, 1 week ago
To support the answer: The Web Application Firewall (WAF) policy is set to Detection mode in your Bicep code, so the rules will not take any blocking actions on incoming traffic. In Detection mode, the WAF operates as follows:
- Monitors and logs all threat alerts without blocking requests
- Inspects incoming requests and matches them against configured rules
- Logs any matches to the WAF logs for analysis
- Allows all requests to pass through to the backend, even if they match WAF rules
Answer: YNY
upvoted 1 times
Hot_156
4 months, 2 weeks ago
N - The Detection mode only applies to the managed rule sets. Custom rules with action: 'Block' will always block, regardless of the overall WAF mode.
N - Detection mode is enabled
??? - Not sure on this one. Does the maxRequestBodySizeInKb:128 affect the upload size?
upvoted 1 times
Nhadipour
4 months, 3 weeks ago
1. YES - It's in Detection mode, so it logs but does not block.
2. NO - It's in Detection mode, so does not block.
3. YES - The actual upload limit is 2 GB (V1) or 4 GB (V2)
upvoted 1 times
golitech
5 months ago
NO -> negationCondition is set to true -> it reverts the condition, meaning everything will be blocked except the mentioned IP range.
NO -> It will be detected and a log will be created.
YES -> No limitation is defined in the policy. Also it is in detection mode.
upvoted 1 times
pentium75
11 months, 1 week ago
NO - the rule has "negationCondition: true", thus blocks addresses NOT matching 10.10.10.0/24
NO - policy is in Detection mode (might detect attacks but will not block them)
YES - policy is in Detection mode and does not contain an upload size limit anyway
upvoted 2 times
pentium75
11 months, 1 week ago
Sorry, of course Detection mode affects first answer too. So it's YES/NO/YES.
upvoted 2 times
pentium75
11 months, 1 week ago
There's also some wrong information out there claiming that custom rules would still be applied even in Detection mode. This is wrong: "If the WAF policy is set to detection mode, and a custom block rule is triggered, the request is logged and no blocking action is taken."
upvoted 1 times
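A simplified model of the two behaviours argued over in this thread (a negated IP match condition, and Detection versus Prevention mode), added here as an illustration; it is not the question's Bicep snippet or Azure's own code. The rule values are the ones commenters quote (10.10.10.0/24, negation true, Block, client 10.1.1.5); the address 10.10.10.20 is constructed, and the function and key names are hypothetical.

```python
import ipaddress

# Constructed rule using the values commenters quote from the question;
# key names are hypothetical, not Bicep property names.
RULE = {"match_values": ["10.10.10.0/24"], "negate": True, "action": "Block"}


def condition_matches(rule, source_ip):
    """IP match on the client address, inverted when the rule negates it."""
    ip = ipaddress.ip_address(source_ip)
    in_range = any(ip in ipaddress.ip_network(cidr) for cidr in rule["match_values"])
    return not in_range if rule["negate"] else in_range


def evaluate(mode, rule, source_ip):
    """Return what happens to the request for this custom rule only."""
    if not condition_matches(rule, source_ip):
        return "no match"  # rule does not apply to this client
    if rule["action"] == "Allow":
        return "allowed"
    if rule["action"] == "Block" and mode == "Prevention":
        return "blocked"
    # Block in Detection mode (per the documentation sentence quoted in the
    # thread) and the Log action both record the match and let it through.
    return "logged, not blocked"


def outcome_table(rule, source_ips):
    """Every (mode, client) combination, to compare the two modes side by side."""
    return {(mode, ip): evaluate(mode, rule, ip)
            for mode in ("Detection", "Prevention") for ip in source_ips}


if __name__ == "__main__":
    for key, result in outcome_table(RULE, ["10.1.1.5", "10.10.10.20"]).items():
        print(key, "->", result)
```

Managed rule sets and request size limits are not modelled here.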
Jimmy500
1 year ago
Yes, No, Yes
First, we need to see that the policy is in Detection mode; this means it will not prevent anything. Also there is OWASP, which will protect us from common attack types; however, again the policy is in detection mode, not prevention mode, which is why it will just audit in this case. The third bullet point is about the file upload limit: Standard SKU V1 tier allows us to upload max 2GB and Standard SKU V2 allows us to upload max 4GB. Here the question asks about 50 MB, so we can upload it.
Statement-1: Yes
Statement-2: No
Statement-3: Yes
upvoted 4 times
Nava702
1 year, 3 months ago
Given answers are correct. The block rule has a negate condition, which means all requests originating from anything except the mentioned CIDR range will be blocked.
upvoted 3 times
pentium75
11 months, 1 week ago
No because policy is in detection mode.
upvoted 1 times
fireboysz
1 year, 3 months ago
Should be YYN: 10.1.1.5 is outside the CIDR range of blocked IP; OWASP blocks common attacks like file path attack, the detection mode in WAF does not mean it will do nothing when attack occurs; the body request for WAF is 128K, due to the OWASP
upvoted 1 times
Apptech
1 year, 2 months ago
Finally the policy is in detection mode. So, I also go for Y,N,Y
upvoted 2 times
Apptech
1 year, 2 months ago
Look also at Nava702's post about the IP range. You also can see here: https://learn.microsoft.com/en-us/azure/templates/microsoft.network/ApplicationGatewayWebApplicationFirewallPolicies?pivots=deployment-language-bicep
upvoted 1 times
Apptech
1 year, 2 months ago
For File Upload there is another property: fileUploadLimitInMb https://learn.microsoft.com/en-us/azure/templates/microsoft.network/ApplicationGatewayWebApplicationFirewallPolicies?pivots=deployment-language-bicep
upvoted 1 times