Home › Azure AZ-500 › cloudcomputing › az500networking › Which Azure DDoS protection tier should a securi…
Which Azure DDoS protection tier should a security engineer recommend for an internet-facing workload that must survive a volumetric L3/L4 DDoS attack with automatic mitigation and DDoS rapid response?
AAzure DNS
BAzure DDoS Protection Basic (free, no SLA, limited mitigation)
CAzure DDoS Protection Standard (or Network DDoS Protection plan)
DDisabling public IP
Answer & Solution
Correct answer: C. Azure DDoS Protection Standard (or Network DDoS Protection plan)
DDoS Protection Standard provides full DDoS mitigation + DRR (per AZ-500 §2 DDoS). Basic is best-effort; the others aren't DDoS controls.
Related questions
Which Azure Virtual Network feature should a security engineer use to define custom routinWhich Azure tool should a security engineer use to capture and analyse VNet traffic flows Which Microsoft Defender for Cloud feature lets a security engineer OPEN management ports Which Azure service lets a security engineer SSH or RDP into a VM through the Azure portalWhich Azure networking feature should a security engineer use to give an Azure storage accWhich Azure networking feature should a security engineer use to give a VM-hosted workloadWhich Azure global edge service should a security engineer use to protect a globally-distrWhich Azure service is the canonical L7 application gateway with built-in Web Application