Microsoft Azure Administrator (AZ104) Practice Exam

If a web app in Azure is set to require HTTPS, how can you also ensure that it meets security compliance?

• A. By enabling Web Application Firewall
• B. By implementing Azure Active Directory authentication
• C. By using custom domain HTTPS binding
• D. By enabling CORS policies

The correct answer is: By implementing Azure Active Directory authentication

Implementing Azure Active Directory (AAD) authentication is a significant step towards meeting security compliance for a web app that requires HTTPS. AAD provides a robust identity management and access control solution that can enhance the security of your application by ensuring that only authorized users can access it. This means you can enforce strong authentication methods like multi-factor authentication (MFA), making it harder for unauthorized users to gain access. AAD also provides features like conditional access policies, which can restrict access based on user identity, location, and device compliance. By integrating AAD authentication, you ensure not only the confidentiality of the information transmitted over HTTPS but also secure user authentication and authorization, contributing effectively to compliance requirements. While enabling a Web Application Firewall (WAF) does provide additional security layers by protecting against common threats and vulnerabilities, it does not directly contribute to securing user access and identity management. Custom domain HTTPS binding ensures that your custom domains are secured, but it does not address the need for user authentication and access controls that contribute to compliance. Enabling CORS policies is primarily related to managing cross-origin requests and while it adds a layer of security in terms of resource sharing, it does not directly relate to authentication and access control requirements necessary for compliance.