ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-720 All Questions

View all questions & answers for the AZ-720 exam
Go to Exam

Exam AZ-720 topic 5 question 46 discussion

Actual exam question from Microsoft's AZ-720
Question #: 7
Topic #: 5
[All AZ-720 Questions]

A company deploys the Azure Application Gateway Web Application Firewall (WAF) to protect their web applications.
Users in a remote office location report the following issues:
• Unable to access part of a web application.
• Part of the web application is failing to load.
• Parts of the web application has activities that are not performing as expected.
You need to troubleshoot the issue.
Which diagnostic log should you review?

  • A. Azure Activity
  • B. Access
  • C. Performance
  • D. Firewall
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by [deleted] at Jan. 25, 2023, 12:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
terawatt
1 year, 10 months ago
Selected Answer: B
It seems plausible to start with the Access logs. Access logs in Azure Application Gateway provide detailed information about incoming client requests, including client IP, request type, URI, response status, and transaction latency, which are valuable for debugging application behaviour and issues. It's crucial to understand that while the Firewall logs can provide insight into whether the WAF is blocking requests based on its rule set, the Access logs can give a more holistic view of what's happening, including requests that are not being blocked by the WAF but are still failing or causing performance issues. Therefore, in the context of the question where users are experiencing varied issues (access issues, load failures, and performance discrepancies), starting with Access logs (Option B) can indeed be the most beneficial approach. Once you have more information from the Access logs, you can then investigate other logs like Firewall or Performance logs as necessary.
upvoted 1 times
...
cris_exam
2 years, 1 month ago
Selected Answer: B
Access log is the way to start checking for this type of issue - see my updated comments.
upvoted 2 times
...
cris_exam
2 years, 1 month ago
Selected Answer: C
I would totally go for C. "Performance log: You can use this log to view how Application Gateway instances are performing. This log captures performance information for each instance, including total requests served, throughput in bytes, total requests served, failed request count, and healthy and unhealthy backend instance count. A performance log is collected every 60 seconds. The Performance log is available only for the v1 SKU. For the v2 SKU, use Metrics for performance data." https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#diagnostic-logging
upvoted 1 times
cris_exam
2 years, 1 month ago
OK, so this question has been bugging me a lot. I reached out to an SME (Subject Matter Expert) on AppGW, and concluded that Access logs are actually the best way to go - they hold info about Correlation and Transaction IDs which could further be checked on WAFlogs (aka FW logs), backend server latency and gives you the URIs of the requests received in the AppGW which are great to understand any unusual behavior or perhaps why the requests are failing narrowing to the cause. After checking the Access Logs, based on those findings you can move to the Performance or FW logs - but the Access log is where you would want to start. Hence, I change my answer and say that the given answer is actually correct. Please forgive me if I confused you with all my posts here. :)
upvoted 1 times
...
...
MarshalLaw
2 years, 1 month ago
Selected Answer: D
Based on the link that ADrem has provided, I would say the answer is D (Firewall). The link says the Firewall log as follows: Firewall log: You can use this log to view the requests that are logged through either detection or prevention mode of an application gateway that is configured with the web application firewall. Firewall logs are collected every 60 seconds.
upvoted 1 times
cris_exam
2 years, 1 month ago
Usually FW specific issues are either allowed or denied not that a page is not fully loading or parts of it is having issues. This is either a backend issue or an AppGW platform issue (CPU/scale, etc) and in some cases, yes, it could be that depending on what HTTP requests are sent (headers/args, etc), WAF blocks, but, I just find it that the Performance logs would be a better approach to start investigating and then go to WAF logs. :) Just my thoughts on this...
upvoted 1 times
cris_exam
2 years, 1 month ago
yeah, ignore this above message and look at the newest one I wrote about the Access Logs.
upvoted 1 times
...
...
...
Jgjxgjm
2 years, 2 months ago
Why is not D correct answer? In the below article, in case of using WAF, it is displayed can use Firewall log.
upvoted 3 times
...
[Removed]
2 years, 4 months ago
Answer should be C. More info on: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel