Microsoft Azure Fundamentals AZ-900 Practice Question

The defense-in-depth model is the best approach for this requirement because it involves implementing multiple layers of security controls across various components such as physical infrastructure, network, identity, and applications. This layered security strategy ensures that if one layer is compromised, others still provide protection, significantly enhancing overall security.

Using a firewall to protect resources within the network is an essential component of network security, but it provides only one layer of defense. While firewalls can protect resources from unauthorized access at the network level, relying solely on a firewall is insufficient for comprehensive security in the cloud.

Relying on Azure DDoS Protection for security helps mitigate distributed denial-of-service (DDoS) attacks by automatically protecting resources from traffic spikes. While valuable, it addresses only a specific type of threat and does not provide the layered protection necessary for overall security.

Implementing role-based access control (RBAC) as a security measure primarily manages permissions and cannot provide complete protection across all areas, such as network security, data encryption, and threat detection.