Check your knowledge

1. An attacker can bring down your website by sending a large volume of network traffic to your servers.
   Which Azure service can help Tailwind Traders protect its App Service instance from this kind of attack?
   • Azure Firewall
   • Network security groups
   • Azure DDoS Protection
     DDoS Protection helps protect your Azure resources from DDoS attacks.
     A DDoS attack attempts to overwhelm and exhaust an application’s resources,
     making the application slow or unresponsive to legitimate users.
2. What’s the best way for Tailwind Traders to limit all outbound traffic from VMs to known hosts?
   • Configure Azure DDoS Protection to limit network access to trusted ports and hosts.
   • Create application rules in Azure Firewall.
     Azure Firewall enables you to limit outbound HTTP/S traffic
     to a specified list of fully qualified domain names (FQDNs).
   • Ensure that all running applications communicate with only trusted ports and hosts.
3. How can Tailwind Traders most easily implement a deny by default policy
   so that VMs can’t connect to each other?
   • Allocate each VM on its own virtual network.
   • Create a network security group rule
     that prevents access from another VM on the same network.
     A network security group rule enables you to filter traffic to and from
     resources by source and destination IP address, port, and protocol.
   • Configure Azure DDoS Protection to limit network access within the virtual network.

< LP4