[&] A security audit was recently completed on your website. One of the recommendations was to create custom error pages for 404, 403, and 405 error codes. Access to your web site is via an application gateway. Where should you set custom error pages?
- Listeners -- Correct
- Web application firewall
- HTTP settings
- Rules

[&] Christa owns a small clothing boutique. She has an e-commerce site hosted in an Azure web app that is hosted in an app service plan.  A friend recently gave her a free site review and recommended that she add a firewall to protect against common web-based attacks.  She wants to minimize costs and administrative effort.  What should she do?
- Provision an Application Gateway with Web Application Firewall. Configure the web app to use the application gateway rather than the intrinsic load balancer. 
- Provision an Application Gateway with Web Application Firewall. Add the web app to the backend pool for the application gateway. Configure a custom probe for the back-end configuration.  Configure an application endpoint between the virtual network and subnet hosting the application gateway and the web app. -- Correct
- Provision an Application Gateway with Web Application Firewall. Add the web app to the backend pool for the application gateway. Configure a custom probe for the back-end configuration.
- Convert her web app to an App Service Environment.  Add an Application Gateway with Web Application Firewall to the virtual network associated with the ASE and configure the ASE to use the application gateway.