Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You manage an Azure Application Gateway v2 that is configured with a Web Application Firewall (WAF) policy in Prevention mode. The security team wants to allow traffic that originates from the on-premises public IP range 131.10.50.0/24 to bypass all WAF inspections, while the existing OWASP managed rule set must remain enforced for every other request. What should you do to meet this requirement?
Attach a Network Security Group to the Application Gateway subnet and permit the 131.10.50.0/24 range.
Add a high-priority custom Match rule that allows requests when the client IP address falls within 131.10.50.0/24.
Change the WAF policy mode from Prevention to Detection for the Application Gateway.
Create a WAF exclusion list that specifies the 131.10.50.0/24 address range.
In an Application Gateway WAF policy you can create a custom rule of type Match that evaluates the source IP address. Custom rules are processed before any managed rule sets, and evaluation stops as soon as a request matches a rule. Therefore, adding an Allow action custom rule that matches the on-premises CIDR range and assigning it a higher priority (lower numeric value) than every other custom rule ensures requests from that range are accepted without being inspected by the OWASP managed rules. Exclusion lists do not skip all inspections; they only remove specific fields from evaluation. Network Security Groups operate at the virtual-network layer, not inside the WAF pipeline. Switching the WAF mode to Detection would disable blocking for all traffic, which is not required.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Azure Web Application Firewall (WAF) policy in Prevention mode?
Open an interactive chat with Bash
What is a custom Match rule in Azure Application Gateway WAF policies?
Open an interactive chat with Bash
How does the priority system work in Azure WAF custom rules?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .