AZ-900: Which Azure Feature Provides DDoS Protection for Applications Running on Azure?

Which Azure feature protects applications from Distributed Denial-of-Service (DDoS) attacks? Learn how Azure DDoS Protection delivers automatic detection, mitigation, and analytics to safeguard cloud workloads.

Question

Which Azure feature provides DDoS protection for applications running on Azure?

A. Azure Firewall
B. Azure DDoS Protection
C. Azure Security Center
D. Azure Bastion
E. Azure Sentinel

Answer

B. Azure DDoS Protection

Explanation

Azure DDoS Protection is the Azure feature that safeguards applications running on Azure against Distributed Denial-of-Service (DDoS) attacks.

Detailed Explanation:

Purpose: Azure DDoS Protection is specifically designed to defend Azure resources against Distributed Denial-of-Service (DDoS) attacks, which attempt to overwhelm applications and make them unavailable to legitimate users.

How It Works: The service monitors traffic patterns to Azure resources 24/7, automatically detects abnormal spikes or attack signatures, and instantly initiates mitigation when a DDoS attack is detected. It drops malicious traffic while allowing legitimate requests to reach the application.

Protection Layers: Azure DDoS Protection operates at the network (Layer 3) and transport (Layer 4) layers, defending against volumetric, protocol, and resource exhaustion attacks. It does not inspect application-level (Layer 7) traffic on its own; for that, it can be combined with a Web Application Firewall (WAF).

Key Features:

  • Always-on traffic monitoring and adaptive real-time tuning using machine learning to profile normal traffic and detect anomalies.
  • Automatic mitigation without manual intervention—protection is enabled as soon as the service is activated for a virtual network or public IP.
  • Detailed analytics, metrics, and alerting via Azure Monitor, with integration to SIEM systems for real-time monitoring and post-attack analysis.
  • Access to the DDoS Rapid Response team for assistance during and after an attack.
  • Multi-layered protection when combined with a WAF, covering both network and application layers.

Tiers: Azure DDoS Protection is available in different tiers (DDoS Network Protection and DDoS IP Protection) to suit different resource and cost requirements.

Azure DDoS Protection provides automatic detection, mitigation, and analytics to protect Azure applications from DDoS attacks, ensuring service availability and minimizing disruption by blocking malicious traffic at the network edge.
