AZ-204 Quiz

Storage Security

Question:

Your company hosts static assets such as images and videos in Azure Storage.
Management is concerned that sudden traffic spikes or malicious requests could overwhelm the storage account.
They want a solution that provides both performance improvements for global users and an additional layer of protection by offloading traffic away from the storage origin.

Which service should you configure?

Answer:

Azure CDN caches content at distributed edge locations. This reduces latency, improves availability during heavy traffic, and shields the origin (Azure Storage) from being directly hit by every request. While not a replacement for dedicated DDoS protection, it adds an indirect layer of resilience against volumetric attacks.
Azure DDoS Protection Standard is designed to mitigate network-layer DDoS attacks on public IPs. Azure Storage endpoints are platform-managed, and you cannot attach DDoS Protection directly to them. Therefore, this does not solve the stated problem.
Azure Front Door provides global load balancing and WAF features, but the question is specifically about caching storage content at the edge.
Azure Firewall filters traffic using network rules but does not provide caching, latency reduction, or origin shielding.
Azure Application Gateway provides application-layer load balancing and WAF but does not cache static storage content globally.

Report a problem

Exam revision: April 11, 2025