Microsoft Azure Fundamentals AZ-900 Practice Exam 2025 – Complete Study Resource

DDoS protection is the appropriate service to use for preventing your public-facing website from being overwhelmed by an attack, specifically by Distributed Denial of Service (DDoS) attacks. DDoS attacks aim to make a service unavailable by flooding it with traffic, which can lead to service outages and disruption.

DDoS protection in Azure is specifically designed to detect and mitigate these attacks in real-time, enabling the website to maintain availability even during an attack. This service includes features like always-on traffic monitoring and automatic attack mitigation, which are crucial for maintaining performance and availability.

While other options mentioned have their own security functions, they address different aspects of network and application security rather than the specific threat of DDoS attacks. For example, Azure Firewall provides network filtering and protection, focusing on controlling traffic flow and securing access, while Network Security Groups are used for managing inbound and outbound traffic at the subnet or network interface level. Application Gateway can provide some features like Web Application Firewall (WAF) and load balancing but does not specifically target DDoS threats. Therefore, DDoS protection is the specialized service that directly addresses the need to safeguard a public-facing website from overwhelming traffic due to attacks.