Q: 7
You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an
Azure Front Door instance.
You need to configure the policy to meet the following requirements:
Log all connections from Australia.
Deny all connections from New Zealand.
Deny all further connections from a network of 131.107.100.0/24 if there are more than 100
connections during one minute.
What is the minimum number of objects you should create?
Options
Discussion
Its A, since you can’t mix different actions like Log and Block in a single WAF rule. I get why B looks tempting but it’s a trick option here. Seen something similar on practice tests, agree?
Why does Microsoft always split up rule types so much? I picked D since you could technically combine two actions as conditions (like block + log) in a single rule, then have another for the rate limit. But maybe I'm missing something with Azure's WAF limits here, not 100% sure.
C seems right-one rule with a condition per network. Rules can be chained, so why not combine?
Seen this on a few practice sets, it's A. Official docs and some labs drill in that log, block, and rate limit each need their own custom rule object in Azure WAF.
Why not D? Mixing log and block in one rule looks possible at first, but Azure doesn't support it.
C or D? If Azure changed so you could set different actions in the same rule with multiple conditions, B or D might be possible. But from what I remember, rate limiting can't be mixed with match rules, so leaning toward A still. Someone please correct me if I'm wrong.
Gotta be A. Each custom rule in Azure WAF can only have one action, so you need one for log, one for block, and one for rate limit. Makes sense based on how the portal works. If I missed something recent, let me know.
It’s A, and honestly Azure loves making this stuff more complicated than it should be. Each custom WAF rule can only have one action, so you need separate rules for logging (Australia), blocking (New Zealand), and rate limiting (the /24 net). Seen this on other practice sets, unless they’ve changed something recently. If someone’s got a different take let me know.
Actually, it's A. The trick is you can't combine Log and Block actions in one WAF custom rule, so B and D are tempting but wrong. Azure wants a separate rule per unique action. Seen this pattern on similar questions, correct me if I'm missing something.
Option D makes sense if you could mix log and block actions in the same WAF rule, but that's not how Azure works right now. The trap is thinking you can combine them, like in B or D. I'm pretty sure A is right unless there's been a new Azure update I missed.
Be respectful. No spam.
