Answer the following questions to check your understanding of implementing security controls for Azure App Services and Web Application Firewall.
What does enabling the Require authentication option in App Service EasyAuth do for incoming requests?
It encrypts all inbound traffic before it reaches application code.
It blocks unauthenticated requests at the platform layer before they reach application code, returning a 401 response or redirecting to the identity provider.
It assigns a managed identity to the App Service for outbound service authentication.
It restricts inbound traffic to specific IP address ranges.
What is the recommended approach when first deploying a WAF policy on Application Gateway against an existing production application?
Deploy in Prevention mode immediately to block attacks from the start.
Deploy in Detection mode, analyze logs to identify false positives, configure exclusions, and then switch to Prevention mode.
Deploy in Detection mode and leave it permanently because Prevention mode increases latency.
Deploy without a WAF policy and attach one after observing traffic patterns for 30 days.
What is the purpose of configuring a WAF rule exclusion?
To permanently disable a WAF rule across all requests when it causes too many alerts.
To allow legitimate requests that trigger WAF rules to pass through, scoped to a specific request element rather than disabling the rule globally.
To increase the priority of a rule so it's evaluated before other rules in the managed rule set.
To route WAF-blocked requests to a different backend pool instead of returning a 403 response.
Why is it important to configure App Service access restrictions to allow only Application Gateway traffic after deploying Application Gateway with WAF?
To reduce the cost of outbound data transfer from App Service.
To ensure App Service only accepts traffic that passed through WAF inspection, preventing attackers from bypassing the WAF by targeting the App Service hostname directly.
To enable end-to-end Transport Layer Security (TLS) encryption between Application Gateway and App Service.
To prevent Application Gateway from caching responses from App Service.
Which attack category does the SQL injection (SQLI) rule group in the OWASP Core Rule Set (CRS) protect against?
Attacks that overload the server with more requests than it can handle.
Attacks that inject malicious SQL statements into input fields to manipulate back-end database queries.
Attacks that inject client-side scripts into web pages to execute in other users' browsers.
Attacks that intercept encrypted traffic between the client and the server.