Azure Resource Automation Strategy with Resource Manager Templates

D

DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application's availability and its ability to handle legitimate requests.

DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.

Azure has two DDoS service offerings that provide protection from network attacks: DDoS Protection Basic and DDoS Protection Standard.

DDoS Basic protection is integrated into the Azure platform by default and at no extra cost.

You have the option of paying for DDoS Standard. It has several advantages over the basic service, including logging, alerting, and telemetry. DDoS Standard can generate reports that contain details of attempted attacks as required in this question.

To meet the given requirements of securing websites from attacks and generating reports of attempted attacks, the following components of an Azure solution can be considered:

A. Azure Firewall: Azure Firewall is a managed, cloud-based network security service that provides security for Azure Virtual Network resources. It provides centralized security management and log analytics, allowing you to protect your workloads from network-based threats. It also allows you to create and apply application and network rules to allow or deny traffic.

B. Network Security Group (NSG): A Network Security Group is a basic Azure networking component that is used to filter network traffic to and from Azure resources in an Azure virtual network. NSGs can be used to enforce network traffic policies, control access to resources, and protect against network-based attacks. NSGs also provide log data, which can be used for generating reports.

C. Azure Information Protection: Azure Information Protection (AIP) is a cloud-based service that provides data classification and protection by labeling, classifying, and protecting sensitive information. It provides policies that can be used to encrypt, track, and revoke access to protected data, which can help prevent data breaches and attacks.

D. DDoS protection: DDoS (Distributed Denial of Service) protection is a service that provides network traffic monitoring and mitigation to prevent DDoS attacks. Azure DDoS Protection Standard provides automatic and scalable DDoS protection for virtual networks. It uses adaptive tuning and machine learning to provide fast and accurate attack detection and mitigation.

Therefore, to meet the given requirements of securing websites from attacks and generating reports of attempted attacks, options A (Azure Firewall) and B (Network Security Group) are the most appropriate choices. Both of these options provide network-based security and log data that can be used to generate reports. Option C (Azure Information Protection) provides data protection but does not directly address network-based attacks, and Option D (DDoS protection) only addresses a specific type of attack.