What Azure service enables you to implement DDoS protection?

The correct option is Azure DDoS Protection because it is specifically designed to defend against Distributed Denial of Service (DDoS) attacks. This service continuously monitors and mitigates DDoS threats in real-time, ensuring that applications hosted on Azure remain available and responsive during an attack. It provides a set of capabilities such as automatic attack detection, adaptive tuning, and advanced analytics, making it a comprehensive solution for safeguarding resources against volumetric and protocol attacks.

Azure Firewall, Azure Application Gateway, and Azure Intrusion Detection System serve different security purposes. While Azure Firewall is focused on filtering traffic and managing network security rules, the Application Gateway is used primarily for application traffic load balancing and includes features like Web Application Firewall (WAF) for protecting web applications from common vulnerabilities. The Intrusion Detection System is designed to detect and log suspicious activity but does not specifically address DDoS threats. Therefore, Azure DDoS Protection is the dedicated solution tailored for mitigating DDoS attacks effectively.