Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam

What service should you use to prevent your public-facing website from being overwhelmed by an attack?

• A. DDoS protection
• B. Azure Firewall
• C. Network Security Group
• D. Application Gateway

The correct answer is: DDoS protection

DDoS protection is the appropriate service to use for preventing your public-facing website from being overwhelmed by an attack, specifically by Distributed Denial of Service (DDoS) attacks. DDoS attacks aim to make a service unavailable by flooding it with traffic, which can lead to service outages and disruption. DDoS protection in Azure is specifically designed to detect and mitigate these attacks in real-time, enabling the website to maintain availability even during an attack. This service includes features like always-on traffic monitoring and automatic attack mitigation, which are crucial for maintaining performance and availability. While other options mentioned have their own security functions, they address different aspects of network and application security rather than the specific threat of DDoS attacks. For example, Azure Firewall provides network filtering and protection, focusing on controlling traffic flow and securing access, while Network Security Groups are used for managing inbound and outbound traffic at the subnet or network interface level. Application Gateway can provide some features like Web Application Firewall (WAF) and load balancing but does not specifically target DDoS threats. Therefore, DDoS protection is the specialized service that directly addresses the need to safeguard a public-facing website from overwhelming traffic due to attacks.