HOTSPOT - You need to ensure that network security policies are met. How should you configure network security? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Suggested Answer:
Box 1: Valid root certificate - Scenario: All websites and services must use SSL from a valid root certificate authority. Box 2: Azure Application Gateway Scenario: ✑ Any web service accessible over the Internet must be protected from cross site scripting attacks. ✑ All Internal services must only be accessible from Internal Virtual Networks (VNets) All parts of the system must support inbound and outbound traffic restrictions. Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks. Application Gateway supports autoscaling, SSL offloading, and end-to-end SSL, a web application firewall (WAF), cookie-based session affinity, URL path-based routing, multisite hosting, redirection, rewrite HTTP headers and other features. Note: Both Nginx and Azure Application Gateway act as a reverse proxy with Layer 7 load-balancing features plus a WAF to ensure strong protection against common web vulnerabilities and exploits. You can modify Nginx web server configuration/SSL for X-XSS protection. This helps to prevent cross-site scripting exploits by forcing the injection of HTTP headers with X-XSS protection. Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview https://www.upguard.com/articles/10-tips-for-securing-your-nginx-deployment
Box 1: Valid root certificate
Scenario: All websites and services must use SSL from a valid root certificate authority.
Box 2: Azure Application Gateway
Scenario:
- Any web service accessible over the Internet must be protected from cross site scripting attacks.
- All Internal services must only be accessible from Internal Virtual Networks (VNets).
Yeah!
Box 1: Answer is written inside security tab: "must use SSL from a valid root certificate authority" Must read carefully sometime to get the answer :)
Box 2:
nginx as service is not provided by Microsoft azure
The only thing is : Azure Application Gateway can only be deployed in one region. Don't know if that violates the requirements "All services must run in multiple regions. The failure of any service in a region must not impact overall application availability."
Couldn't find if nginx has the same limitation either.
Would go for Azure Application Gateway
May I know what is the different between Azure Application Gateway Vs NGINX. They are similar. Why we choice Azure Application Gateway instead of NGINX?
This section is not available anymore. Please use the main Exam Page.AZ-204 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mlantonis
Highly Voted 3 years, 6 months agoKingChuang
1 year, 11 months ago[Removed]
1 year, 5 months agoAlexeyG
Highly Voted 1 year, 10 months agoArchana_G
Most Recent 7 months, 1 week agoneelkanths
7 months, 3 weeks agoBaoNguyen2411
1 year, 4 months agoBaoNguyen2411
1 year, 4 months agoNightshadeRC
1 year, 4 months agonvtienanh
2 years agocoffecold
2 years, 1 month agoangrybird2007
2 years, 4 months agogmishra88
2 years, 2 months agoKnightie
2 years, 3 months agoEltooth
2 years, 5 months agoSivajiTheBoss
2 years, 9 months agopetitbilly
2 years, 9 months ago