Examice

Exam AZ-500 All QuestionsBrowse all questions from this exam

Go to Exam

Question 443

You have an Azure subscription that contains the resources shown in the following table.

You create an Azure DDoS Protection plan named DDoS1 in the West US Azure region.

Which resources can you add to DDoS1?

VNetl1only

WebApp1 only

VNet1 and VNet2 only

VNet1 and WebApp1 only

VNet1, VNet2, and WebApp1

Correct Answer: C

Azure DDoS Protection plans protect virtual networks (VNets) from Distributed Denial of Service (DDoS) attacks. It does not apply to web apps directly. This means that VNet1 and VNet2 can both be protected under the DDoS1 plan, but WebApp1 cannot be. Therefore, the resources that can be added to DDoS1 are VNet1 and VNet2.

Discussion

chiquitoOption: E

Answer E: is correct Note Although DDoS Protection Plan resources needs to be associated with a region, users can enable DDoS protection on Virtual Networks in different regions and across multiple subscriptions under a single Microsoft Entra tenant. Reference: https://learn.microsoft.com/en-us/azure/ddos-protection/manage-ddos-protection https://learn.microsoft.com/en-us/answers/questions/951433/how-to-protect-azure-webapp-from-denial-of-service https://www.examtopics.com/exams/microsoft/az-500/view/29/#

Jimmy500Option: C

I think here answer is C as in order to add DDOS protection to Web App we should have application gateway deployed to the vnet but here we can not talk about WAF deployed that is why I would go with C. Enable DDOS Protection Standard on the virtual network hosting your App Service's Web Application Firewall. Azure provides DDoS Basic protection on its network, which can be improved with intelligent DDoS Standard capabilities which learns about normal traffic patterns and can detect unusual behavior. DDoS Standard applies to a Virtual Network so it must be configured for the network resource in front of the app, such as Application Gateway or an NVA. https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/app-service-security-baseline BR

93b98ea

Agreed, "or web applications protection at layer 7, you need to add protection at the application layer using a WAF offering. For more information, see Application DDoS protection."

RaphaelGOption: E

Answer E: as per chiquito explanation

e2b11caOption: C

A DDoS protection plan defines a set of virtual networks that have DDoS Network Protection enabled, across subscriptions.