Exam AZ-500 All QuestionsBrowse all questions from this exam
Go to Exam
Question 440

HOTSPOT

-

You are implementing an Azure Application Gateway web application firewall (WAF) named WAF1.

You have the following Bicep code snippet.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
Mnguyen0503

I believe answer is YNY. WAF is in Detection mode, which means it won't take any action. https://learn.microsoft.com/en-us/azure/web-application-firewall/cdn/cdn-overview#waf-modes As far as the file upload limit, I only found 1 article indicating the limit is 2GB. https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-engine

Vokuhila

More info about file size limits can be found here https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#application-gateway-limits Maximum file upload size (Standard SKU) V2 - 4 GB V1 - 2 GB

Pamban

agreed with the explanation. thanks

Jimmy500

Yes, No, Yes First, we need to see that policy is in Detection mode this mean it will not prevent something, also there is OWAPS which will protect us from common attack types, however again policy is in detection mode not prevention mode that is why it will just audit in this case. The third bullet point is the about file upload limit Standard SKU V1, tier allows us to upload max 2GB and Standard SKU V2 allows us to upload us max 4GB. Here question asks 50mb so we can upload it then. Statement-1, Yes Statement-2 No Statement-3 Yes

Nava702

Given answers are correct. The block rule has a negate condition, which means all requests originating from anything except the mentioned CIDR range will be blocked.

fireboysz

should be YYN: 10.1.1.5 is outside the CIDR range of blocked IP; OWASP blocks common attacks like file path attack, the detection mode in WAF does not mean it will do nothing when attack occurs; the body request for WAF is 128K, due to the OWASP

Apptech

For File Upload there is another property: fileUploadLimitInMb https://learn.microsoft.com/en-us/azure/templates/microsoft.network/ApplicationGatewayWebApplicationFirewallPolicies?pivots=deployment-language-bicep

Apptech

Look also at Nava702's post about the IP range. You also can see here: https://learn.microsoft.com/en-us/azure/templates/microsoft.network/ApplicationGatewayWebApplicationFirewallPolicies?pivots=deployment-language-bicep

Apptech

Finally the policy is in detection mode. So, I also go for Y,N,Y