6.3.2. Networking Security Questions
Question 4
Your organization requires encrypted connectivity to Azure with bandwidth between 10 Gbps and 100 Gbps.
Which solution should you recommend?
- A. VPN Gateway with VpnGw5
- B. ExpressRoute with VPN overlay
- C. ExpressRoute Direct with MACsec
- D. Azure Virtual WAN with encrypted hub
Answer: C
Explanation: VPN Gateway maxes out at 10 Gbps. ExpressRoute with VPN overlay is also limited to ~10 Gbps. Only ExpressRoute Direct with MACsec provides Layer 2 encryption at bandwidths up to 100 Gbps.
Question 5
You have two virtual networks that each contain two subnets. You need to enable Azure Storage service endpoints.
How many service endpoints do you need to create?
- A. 1
- B. 2
- C. 4
- D. 8
Answer: C
Explanation: Service endpoints are configured per subnet, not per VNet. Two VNets with two subnets each gives 2 × 2 = 4 service endpoints.
Question 6
You need to protect web applications from SQL injection attacks and cross-site scripting. Which service should you deploy?
- A. Azure DDoS Protection Standard
- B. Azure Firewall
- C. Web Application Firewall (WAF)
- D. Network Security Groups
Answer: C
Explanation: WAF protects against OWASP Top 10 vulnerabilities, including SQL injection and XSS. DDoS Protection handles volumetric attacks. Azure Firewall operates at Layers 3-4. NSGs filter based on IP/port.