AZ-204 – Question 124

0
176
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a web app named mywebapp1. Mywebapp1 uses the address myapp1.azurewebsites.net. You protect mywebapp1 by implementing an Azure Web Application Firewall (WAF). The traffic to mywebapp1 is routed through an Azure Application Gateway instance that is also used by other web apps.
You want to secure all traffic to mywebapp1 by using SSL.

Q. 1 : Solution: You open the Azure Application Gateway’s HTTP setting and set the Override backend path option to mywebapp1.azurewebsites.net. You then enable the Use for App service option.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A 

The ability to specify a host override is defined in the HTTP settings and can be applied to any back-end pool during rule creation.
The ability to derive the host name from the IP or FQDN of the back-end pool members. HTTP settings also provide an option to dynamically pick the host name from a back-end pool member’s FQDN if configured with the option to derive host name from an individual back-end pool member.
SSL termination and end to end SSL with multi-tenant services.
In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway.
Therefore, there is no need to add any authentication certificates.

Reference: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-overview

Q. 2 : Solution: You configure mywebapp1 to run in an Azure App service environment (ASE).
Does this meet the goal?

A. Yes
B. No

The Azure App service environment (ASE) is used to run an app in an isolated environment.
Reference: https://docs.microsoft.com/en-us/azure/app-service/environment/intro

Q. 3 : Solution: You open the Azure Application Gateway’s HTTP setting and set the Override backend path option to mywebapp1.azurewebsites.net. You then add an authentication certificate for mywebapp1.azurewebsites.net.
Does this meet the goal?

A. Yes
B. No

In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway.
Therefore, there is no need to add any authentication certificates.

Related QuestionMORE FROM AUTHOR