🔥 3-day streak
Microsoft Cybersecurity Architect Expert7 / 158
Question 7 of 158

A retail company runs a public e-commerce web application behind Azure Front Door. Security has observed credential-stuffing attempts, automated scraping of product pricing, and occasional SQL injection payloads against the login and search endpoints. The architect must design a WAF policy that blocks known web exploits, mitigates malicious automated traffic, and allows verified search-engine crawlers to continue indexing the catalog, while minimizing false positives against legitimate shoppers. Which WAF configuration best meets these requirements?

Reviewed for accuracy · Report an issueNext question