Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You are developing a web app named mywebapp1
Mywebapp1 uses the address myapp1.azurewebsites.net.
You protect mywebapp1 by implementing an Azure Web Application Firewall (WAF)
The traffic to mywebapp1 is routed through an Azure Application Gateway instance that is also used by other web apps.
You want to secure all traffic to mywebapp1 by using SSL.
Solution: You configure mywebapp1 to run in an Azure App service environment (ASE)
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.B.
The Azure App service environment (ASE) is used to run an app in an isolated environment.
https://docs.microsoft.com/en-us/azure/app-service/environment/introThe proposed solution of configuring mywebapp1 to run in an Azure App Service Environment (ASE) does meet the goal of securing all traffic to mywebapp1 by using SSL. Therefore, the answer is A. Yes.
Here's why:
Azure Web Application Firewall (WAF) provides protection for web applications from common exploits and vulnerabilities. It is a layer 7 service that inspects HTTP(S) traffic to detect and block malicious requests based on rules. WAF is typically deployed in front of a web application, and it can be used with any web application that is deployed on Azure.
An Azure Application Gateway is a layer 7 load balancer that can provide SSL termination for incoming traffic to web applications. It can also route traffic based on URL paths, hostnames, or other conditions. An application gateway can be used to front-end multiple web applications and distribute traffic to them based on rules.
However, when a web app is hosted in Azure App Service, it is already protected by default with SSL encryption. Azure App Service provides a managed platform for hosting web apps, and it includes built-in SSL certificate management. By default, App Service provides SSL encryption for traffic to web apps by using a wildcard SSL certificate for the domain *.azurewebsites.net.
Therefore, when mywebapp1 is configured to run in an Azure App Service Environment (ASE), all traffic to the web app is already protected by SSL. This is because an ASE is a private, isolated environment for hosting web apps, and it provides additional security features such as dedicated IP addresses, virtual network integration, and integration with Azure Key Vault for managing SSL certificates.
In summary, the proposed solution of configuring mywebapp1 to run in an Azure App Service Environment (ASE) does meet the goal of securing all traffic to mywebapp1 by using SSL. Therefore, the answer is A. Yes.