Azure Web Application Firewall (WAF) integrated with Application Gateway is configured to protect a web app. What happens when a request contains a SQL injection attack pattern?
Think about where the WAF inspects traffic and its role in protecting the backend.
Azure WAF inspects incoming HTTP requests and blocks malicious patterns like SQL injection before they reach the backend, preventing attacks early.
You want to enable logging for your Azure Application Gateway WAF to monitor blocked requests. Which configuration step is required?
Consider where WAF logs are collected and how Azure services integrate for monitoring.
Diagnostics logging must be enabled on the Application Gateway resource and configured to send logs to a Log Analytics workspace for monitoring WAF events.
You need to design an Azure Application Gateway with WAF that remains available during zone failures. Which architecture ensures zone redundancy?
Think about Azure's zone redundancy features and how Application Gateway supports them.
Deploying Application Gateway with WAF SKU across multiple availability zones in the same region provides zone redundancy and high availability during zone failures.
Azure Application Gateway WAF supports different rule set modes. Which mode blocks malicious requests automatically?
Consider which mode actively stops attacks versus just reporting them.
Prevention mode actively blocks requests that match WAF rules, while detection mode only logs them without blocking.
You have custom WAF rules configured on your Azure Application Gateway. How can you update these rules with minimal or no downtime?
Think about how to avoid impacting live traffic during configuration changes.
Custom WAF rules can be edited directly on the live Application Gateway's associated WAF policy; changes apply asynchronously without downtime or service interruption.