Exam AZ-700 topic 3 question 25 discussion

At this link: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview#waf-policy-and-rules It states: A web application delivered by Front Door can have only one WAF policy associated with it at a time. Since the question states "Policy1 is associated to Frontend1.", this eliminates option B. The question also states: "Requests to Frontend1 that have a header containing "string2" must be redirected to https:// www.contoso.com/redirect2.", which tells us that we don't need a new frontend. So option C is eliminated. At the above link, it also states: "managed rule sets that are a collection of Azure-managed pre-configured set of rules." Since we are targeting a specific value of "string2", this option would be eliminated. That leaves us with only AEF as possible answers.

I think the order is: B. Create a policy. A. Create a custom rule. F. Create an association.

A - Create a custom rule E - Add the rule to Policy F - Create an association - this seems to not be needed. I have found no documentation about it other than you se the association on policy level

Create custom rule Add a custom rule to policy1 Create an association

Create custom rule Add a custom rule to policy1 Create an association

A new policy is unnecessary since Policy1 already exists and is associated with Frontend1. You can modify the existing policy.

Only 2 steps required: 1) custom rule to handle the request containing "string2", and 2) adding up this custom rule to the existing policy Front end host remains the same as no new domain or subdomain has been configured. Subsequently, all other steps are unnecessary

A,E,F - A rule is made of a match condition, a priority, and an action. Action types supported are ALLOW, BLOCK, LOG, and REDIRECT. You can create a fully customized policy that meets your specific application protection requirements by combining managed and custom rules.

wooyourdaddy is correct. A,E,F are needed to setup WAF with a new redirect rule.

1. You don't need new policy so B is out. "A web application delivered by Azure Front Door can have only one WAF policy associated with it at a time." 2. Question says "Policy1 is associated to Frontend1", so F is out as no new association is required. 3. The front end host does already exist, so C is out. And that leaves us with ADE

The following points apply • You can ONLY apply one WAF policy per AFD domain (Endpoint) • WAF Policy can ONLY have ONE redirection that is configured at the Policy settings and hence if you have two different redirections which is the case in this question than you will need two different WAF policies • Independent Association Action is NOT needed here as when you create WAF policy it will require you to chose the appropriate Endpoint (Domain and hence you are associating the WAF policy) [Note: any Endpoint that already has WAF policy applied to it will NOT be present and hence New Endpoint-Domain is required]

The three actions you should perform to configure the additional redirection settings are: A. Create a custom rule: This custom rule will define the condition for redirecting requests that have a header containing "string2" to the desired URL. Custom rules allow you to define specific behavior based on your requirements. E. Add a custom rule to Policy1: Once you have created the custom rule, you need to add it to Policy1. This ensures that the new rule is part of the policy and will be applied to the incoming requests. F. Create an association: To apply the updated Policy1 to Frontend1, you need to create an association between the policy and the frontend. This ensures that the policy is enforced for requests coming through Frontend1. So, the correct actions to configure the additional redirection settings would be: A. Create a custom rule. E. Add a custom rule to Policy1. F. Create an association.

To configure additional redirection settings to redirect requests to Frontend1 that have a header containing "string2" to https://www.contoso.com/redirect2, you should perform the following three actions: B. Create a policy: If you haven't created a policy already, create a new Azure Web Application Firewall (WAF) policy named Policy1. A. Create a custom rule: Create a custom rule in Policy1 to redirect requests that have a header containing "string2" to https://www.contoso.com/redirect2. E. Add a custom rule to Policy1: Add the custom rule created in the previous step to Policy1. The other options listed are not required for this scenario: C. Create a frontend host: A frontend host is not required since Frontend1 already exists. D. Configure a managed rule: Managed rules are not required for this scenario. F. Create an association: An association is not required since Policy1 is already associated with Frontend1.

Not C - You need to use Frontend 1 Not D - Not sure what it is, probably microsoft WAF policy managed rules which will no helps in our case Not E - You cannot have two different redirect URLs in the same WAF policy, even in different rules (tested in lab) F - you cannot create an association to the same route which would likely needs be /* there as asked in this scenario, so you are blocker with only 1 WAF policy... You can create a policy and a custom rule but not associate it... I think this question is outdated, WAF policies are not meant to be used for redirect. Normally for this you just a create a Frond Door rule set with all your conditions and rediects and that's it.

To configure additional redirection settings, you should perform the following three actions: A. Create a custom rule that matches requests with a header containing "string2". E. Add a custom rule to Policy1 that redirects requests that match the custom rule to https://www.contoso.com/redirect2. F. Create an association between Frontend1 and Policy1. Therefore, the correct answer is: A, E, F.

You already have a Policy1, no need to create a new one (= not B) You already have a Frontend Host, Frontend1 (= Not C) You need to deploy a custom rule (=Not D)

The text clearly says: 1. Requests to Frontend1 that have a header containing "string2" must be redirected 2. Frontend1 already has a policy assigned. Because of the fact that you cannot add more than 1 policy to frontend1 it makes no sense to create a second policy. For that reasin my vote is CEF