A cybersecurity analyst reviews infrastructure as code (IaC) scans of a new application to ensure the infrastructure requires authentication for incoming requests. After running the IaC configuration scanner, the analyst sees the following output:
- LOW: Ensure that Managed Identity provider is enabled for app services - Checkov (CKV_AZURE_71)
- MEDIUM: Ensure the web app has 'Client certificates (Incoming Client Certificates)' set - Checkov (CKV_AZURE_17)
- MEDIUM: Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service - Checkov (CKV_AZURE_14)
- MEDIUM: Ensure that FTP register with Azure Active Directory is enabled on App Service - Checkov (CKV_AZURE_16)
- MEDIUM: Ensure that FTP deployments are disabled - Checkov (CKV_AZURE_78)
- LOW: Ensure that verbose logging is enabled for the web app - Checkov (CKV_AZURE_61)
- MEDIUM: Ensure that 'HTTP Version' is the latest if used to run the web app - Checkov (CKV_AZURE_18)
Which of the following alerts should the analyst address to meet the requirement? (Select two).
Choices B and C should be addressed by the analyst to meet the requirement.
The requirement specified involves ensuring authentication for incoming requests, which can be addressed by enabling the Managed Identity provider for app services (CKV_AZURE_71) and setting 'Client certificates (Incoming Client Certificates)' for the web app (CKV_AZURE_17).
This alert focuses on ensuring that the web app redirects all HTTP traffic to HTTPS in Azure App Service. While important for security, this does not directly relate to the requirement of ensuring authentication for incoming requests.
This alert pertains to ensuring that FTP register with Azure Active Directory is enabled on App Service. Enabling this feature can enhance security by linking FTP deployments with Azure AD, which aligns with the requirement of ensuring authentication for incoming requests.
This alert involves setting 'Client certificates (Incoming Client Certificates)' for the web app. Client certificates play a crucial role in authentication, making this a relevant step towards meeting the requirement of ensuring authentication for incoming requests.
This alert focuses on ensuring that 'HTTP Version' is the latest if used to run the web app. While important for performance and security, it does not directly address the requirement of ensuring authentication for incoming requests.
This alert is about enabling the Managed Identity provider for app services. While crucial for security, it does not directly relate to the immediate requirement of ensuring authentication for incoming requests.
This alert pertains to ensuring that FTP deployments are disabled. While security-related, this does not directly align with the requirement of ensuring authentication for incoming requests.
In this scenario, addressing alerts B (CKV_AZURE_16) and C (CKV_AZURE_17) is essential to meet the requirement of ensuring authentication for incoming requests. By enabling the Managed Identity provider and setting client certificates for the web app, the analyst can enhance the security posture of the application and align it with the specified requirement.