AZ-303 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-303 Exam - Question 224

HOTSPOT -

You are designing a virtual network to support a web application. The web application uses Blob storage to store large images. The web application will be deployed to an Azure App Service Web App.

You have the following requirements:

✑ Secure all communications by using Secured Socket layer (SSL)

✑ SSL encryption and decryption must be processed efficiently to support high traffic load on the web application

✑ Protect the web application from web vulnerabilities and attacks without modification to backend code

✑ Optimize web application responsiveness and reliability by routing HTTP request and responses to the endpoint with the lowest network latency for the client.

You need to configure the Azure components to meet the requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Exam AZ-303 Question 224
Show Answer
Correct Answer:
Exam AZ-303 Question 224

Box 1: Azure application Gateway

Azure Application Gateway supports end-to-end encryption of traffic. Application Gateway terminates the SSL connection at the application gateway. The gateway then applies the routing rules to the traffic, re-encrypts the packet, and forwards the packet to the appropriate back-end server based on the routing rules defined.

Any response from the web server goes through the same process back to the end user.

Box 2: Azure Security Center -

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

Box 3: Azure Traffic Manager -

Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.

References:

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powershell https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview https://docs.microsoft.com/en-us/azure/security-center/security-center-intro

Discussion

17 comments
Sign in to comment
snobrega
Jan 3, 2021

- App Gateway - App Gateway - Traffic Manager

SyntaxError
Jan 3, 2021

- App Gateway - App Gateway - Traffic Manager Source: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

DNeo
Mar 20, 2021

2nd one is also App Gateway because it has WAF to provide protection against web vulnerabilities

paulxyz90
Mar 17, 2021

The second one is tricky. Docs say - Security Center Security Center's threat protection enables you to detect and prevent threats at the Infrastructure as a Service (IaaS) layer, non-Azure servers as well as for Platforms as a Service (PaaS) in Azure. Security Center helps you detect threats across Azure PaaS services. You can detect threats targeting Azure services including Azure App Service, Azure SQL, Azure Storage Account, and more data services. So then we have WA - it says - Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. They are both protecting the app from threats however since it says protection from WEB VULNERABILITIES and ATTACKS then it would say WAF makes sense. The AG has a WAF but it's not the WAF itself so then Azure Security Center could be right too. Not sure.

paulxyz90
Mar 17, 2021

Thought of another thing. Since it says that no modification of backend code is allowed that might mean WAF again. Since Security Center Recommendations might suggest mods vs. just protect from attack. SC would identity only and have the ability through 'quick fix' to auto remediate. Net it's more of a assessment / detective control + optional remediation. APP GW and WAF is an active prevention control.

rdemontis
Jul 13, 2021

In my opinion here the key is that Security Center is not a way to protect the app from Attack and Vulnerabilities as WAF does, but a way to find and detect them. After the detection process you eventually have to solve them

pentium75
Jul 14, 2021

There's no way how Security Center would 'protect the web application from web vulnerabilities and attacks'. That clearly refers to WAF which is part of AppGW.

VMUN
Jun 26, 2021

26-June-21, Passed the exam. Answered - App GW, App GW, Traffic Manager

mooni
Jul 25, 2021

I believe the correct answer is App Gateway, Security Centre and Traffic Manager. You can enable Azure Defender from security center which provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, and more. The answer to the second question can not be an APGW as APGW on its own would not protect the web application without WAF being enabled and in the answer choice there is nowhere mention of WAF. However, Security center will provide you recommendations based on the data collected via azure defender.

certpro
Aug 6, 2021

Agree, according to this link, the given answer looks correct (Using Security center to Protect) https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

syu31svc
Aug 30, 2021

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview Protect your web applications from web vulnerabilities and attacks without modification to back-end code. It offers Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), termination https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods Select Performance routing when you have endpoints in different geographic locations and you want end users to use the "closest" endpoint for the lowest network latency App Gateway App Gateway Traffic Manager

shafqat
Oct 2, 2021

- App Gateway - App Gateway - Traffic Manager

Stephan99
Jan 9, 2021

Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.

oberte007
Feb 18, 2021

I think App Gateway for the both first combo box and traffic manager for the last one

wardy1983
May 4, 2021

https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction please read

BPQ
Aug 4, 2021

Azure Security Center Security Center helps you prevent, detect, and respond to threats. It provides increased visibility into and control over the security of your Azure resources. Application Gateway is integrated with Security Center. Security Center scans your environment to detect unprotected web applications. It can recommend Application Gateway WAF to protect these vulnerable resources. You create the firewalls directly from Security Center. These WAF instances are integrated with Security Center. They send alerts and health information to Security Center for reporting.

JustinWilliamAndrew
Jun 5, 2021

I think they want to test on one of the exam topic which is monitoring so security center is my choice. It is 50/50

tteesstt
Aug 21, 2021

1) APP GW 2) Security Center - can't be APP GW, it has no built in security features by default. 3) Traffic Manager

ranhara
Sep 16, 2021

WAF has security features

Noexperience
Dec 14, 2021

Given answer is wrong https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-security-center-azure/ba-p/2155188 It should be App Gateway, App Gateway and Traffic Manager. Azure Security Center is just a collection of event from Azure and log analytics.

nd78
Jan 22, 2022

on Exam today 21st Jan, 2022

AD3
Feb 12, 2022

Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud. The gateway doesn't provide capability of assessing vulnerability and management of vulnerability. The answer is correct for second box. It's Security Center new name Microsoft Defender for Cloud.