Microsoft Cybersecurity Architect — Question 77
You have an Azure subscription. The subscription contains multiple Azure App Service web apps that are distributed across multiple Azure regions and are accessed via the internet.
You need to ensure that all incoming requests to the apps are inspected for threats based on the Core Rule Set (CRS) from the Open Web Application Security Project (OWASP). The solution must meet the following requirements:
• Support the use of Microsoft-managed X.509 certificates.
• Route users to the geographically closest app.
• Minimize administrative effort.
What should you use?
Answer options
- A. Azure Firewall Premium
- B. Azure Front Door with a web application firewall (WAF)
- C. Azure Firewall Standard
- D. Azure Application Gateway with a web application firewall (WAF)
Correct answer: B
Explanation
The correct answer is B, Azure Front Door with a web application firewall (WAF), as it meets all the specified requirements by providing threat inspection, using Microsoft-managed certificates, and optimizing routing to the nearest app while minimizing management effort. Azure Firewall Premium and Standard (options A and C) are more focused on network security rather than application-level traffic management and do not provide the geographic routing benefits. Option D, Azure Application Gateway with WAF, is a suitable alternative but does not offer the same global routing capabilities as Azure Front Door.