Practice Test

True or False: App Service automatically switches to HTTPS on Azure.

  • True.
  • False.

Answer: True.

Explanation: Azure App Service enforces HTTPS for all incoming requests by default, enhancing the security of the application.

Which of these is NOT a threat detection type for App Service on Azure?

  • a. SQL Injection
  • b. Access from unusual location
  • c. DDoS attack
  • d. Illegal experimentation

Answer: (d) Illegal experimentation

Explanation: Azure has no threat detection type named “Illegal experimentation”. It does have other detection types such as SQL Injection, Access from unusual location, and DDoS attack.

True or False: Azure App Service provides built-in authentication and authorization support.

  • True.
  • False.

Answer: True.

Explanation: Azure App Service indeed provides built-in authentication and authorization support, helping to secure your application without changing code.

Which of these is not a technical requirement to secure an App Service?

  • a. SSL certificate
  • b. Traffic Manager
  • c. VPN
  • d. Network Security Groups

Answer: (b) Traffic Manager

Explanation: Traffic Manager in Azure is used for DNS-based traffic load balancing, not specifically for securing an App Service.

Is it possible to define custom domain SSL bindings for your App Service?

  • a. Yes
  • b. No

Answer: a. Yes.

Explanation: Azure allows you to define custom domain SSL bindings to secure the connection to your App Service.

True or False: App Service Environments offer the maximum security, scalability and isolation for running App Service apps in Azure.

  • True.
  • False.

Answer: True.

Explanation: App Service Environments offer greater security, scalability and isolation by running in your virtual network and scaling to numerous instances.

Which of the following is not a restriction for Free and Shared scale modes of App Service?

  • a. No VNet Integration
  • b. Always On not supported
  • c. SSL not supported
  • d. Can only host Node.js apps

Answer: d. Can only host Node.js apps.

Explanation: Azure App Service supports multiple languages and frameworks such as .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python.

True or False: Azure App Service supports IP based SSL.

  • True.
  • False.

Answer: True.

Explanation: Azure App Service does support IP-based SSL apart from SNI SSL.

Which of Azure’s web application security services includes a Web Application Firewall (WAF)?

  • a. Azure App Service
  • b. Azure DDoS Protection
  • c. Azure Active Directory
  • d. Azure Front Door

Answer: d. Azure Front Door

Explanation: While Azure App Service does have some security measures, the Web Application Firewall (WAF) is part of the Azure Front Door Service.

True or False: Azure App Service provides pre-defined security alerts.

  • True.
  • False.

Answer: True.

Explanation: Azure App Service provides pre-defined security alerts as a part of its threat protection solution.

Difficulty level: Medium. Which of the following are correct methodologies to secure an App Service?

  • a. Rely on Azure’s default settings.
  • b. Regularly review and rotate access credentials.
  • c. Utilize Azure AD for authentication and authorization.
  • d. Use only HTTP for connection.

Answer: b. Regularly review and rotate access credentials, c. Utilize Azure AD for authentication and authorization.

Explanation: One shouldn’t rely only on default settings for security, and HTTPS should always be used instead of HTTP for connections.

What can you use to detect and mitigate potential security threats to your Azure App Service?

  • a. Application Insights
  • b. Azure Monitor
  • c. Azure Security Center
  • d. None of the above

Answer: c. Azure Security Center.

Explanation: Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads.

Interview Questions

What is Azure App Service?

Azure App Service is a fully managed platform for building, deploying,
and scaling your web apps. It provides a powerful and flexible option
to create everything from simple prototypes to complex web applications.

How can you secure an App Service in Azure?

We can secure Azure App Service in several ways:

  • Authentication and authorization
  • Client certificate
  • IP restrictions
  • Secure Sockets Layer (SSL) settings

What are the functions of Azure App Service Authentication/Authorization?

Azure App Service Authentication/Authorization allows you to easily
secure your app with a variety of authentication providers like Azure Active
Directory, Google, Facebook, Twitter, etc., and manage the authorized access
to your app.

How do Azure App Service IP Restrictions work?

IP Restrictions for an Azure App Service allow you to set up a list of
allowable IP addresses. This way, only requests made from these IP addresses
can access the web application and all other IP addresses are denied by default.

How do you apply SSL settings to an Azure app service?

To apply SSL settings to an Azure app service, go to the Azure portal,
navigate to the app service you want to configure, click on ‘TLS/SSL settings’,
and there you can add, map, and remove SSL bindings.

How does Azure App Service handle Client Certificates?

Azure App Service has an option to require incoming requests to present
a valid client certificate for authorization. This is done by uploading the
certificate into the Azure portal and then enabling the option on the App Service.

How can Azure App Service Authentication/Authorization setup be configured?

The Azure App Service Authentication/Authorization setup can be configured
in the Azure portal at the individual web application level. We can navigate to the
web application and under the ‘Authentication/Authorization’ blade, configure the desired settings.

What are some of the built-in authentication providers supported by Azure App Service?

Azure App Service supports a variety of built-in authentication providers such as
Azure Active Directory, Google, Facebook, Twitter, Microsoft Account and others.

What is the primary purpose of securing Azure App Services with Client Certificates?

The primary purpose is to require incoming requests to present a valid certificate
for authentication. This enables an additional security layer where each request made to the
app service can be authenticated and authorized using SSL client certificates.

Can an App Service on Azure be integrated with a Virtual Network?

Yes, Azure App Services can be integrated with Azure Virtual Networks using Service Endpoints and
Azure Private Link to securely host and access web apps.

What precautions should be taken before enabling IP restrictions on an Azure app service?

Before enabling IP restrictions on an Azure app service, ensure that
any trusted IP addresses or ranges are added to the whitelist; otherwise,
they may be blocked from accessing the app service.

What is the purpose of Windows Identity Foundation (WIF) in Azure App Service Authorization?

Windows Identity Foundation (WIF) is a framework for building
identity-aware applications. In Azure App Service, it is used
to authenticate and authorize users to gain access to protected
resources within the application.

Are multi-factor authentication methods applicable on Azure App Services?

Yes, Azure App Service does allow for the implementation of multi-factor
authentication methods for user sign-in, requiring users to verify their
identity through more than one verification method.

What is the role of Azure Private Link in securing an Azure App Service?

Azure Private Link provides private access to your app service over a private network
connection. It helps isolate the network traffic to your app service, thus adding a
significant layer of security.

Can service endpoints increase the security of your Azure App Service?

Yes, service endpoints provide secure and direct network connectivity to
Azure resources from a virtual network, enhancing your app service’s security
by isolating access to your app service on a per-virtual network basis.
