ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 5 question 19 discussion

Actual exam question from Microsoft's AZ-700
Question #: 19
Topic #: 5
[All AZ-700 Questions]

HOTSPOT
-

You have an Azure subscription that contains the resources shown in the following table.



You purchase a certificate for app1.contoso.com from a public certification authority (CA) and install the certificate on appservice1.

You need to ensure that App1 can be accessed by using a URL of https://app1.contoso.com. The solution must ensure that all the traffic for App1 is routed via FD1.

Which type of DNS record should you create, and where should you store the certificate? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by jonav94 at May 7, 2023, 1:27 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jonav94
Highly Voted 1 year, 12 months ago
I disagree with proposed answers, they must be: DNS: CNAME (When you added a custom domain to your Front Door's frontend hosts, you created a CNAME record in the DNS table of your domain registrar to map it to your Front Door's default .azurefd.net hostname) Store certificate in: KeyVault1 (Your key vault must be configured to use the Key Vault access policy permission model.) There you have a link with all explained https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https.
upvoted 27 times
...
crypto700
Highly Voted 1 year, 12 months ago
The Right answers are: 1-CNAME 2- Key Vault 1 https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https Key Vault access policy permission model.
upvoted 16 times
...
bobothewiseman
Most Recent 3 months, 1 week ago
1-CNAME 2- Key Vault 1 https://learn.microsoft.com/en-us/azure/key-vault/general/security-features
upvoted 1 times
...
7fc1047
6 months, 1 week ago
RBAC is best practise for Key Vault When adding a domain to Azure Front Door, a unique value for the TXT record is provided. Once the domain is validated, the TXT record can be deleted from the DNS server.
upvoted 1 times
xRiot007
2 weeks, 6 days ago
RBAC is best practice, but not supported by App Service certificates. https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-app-service-certificate?tabs=portal#store-the-certificate-in-azure-key-vault - point 4
upvoted 1 times
...
...
cerifyme85
1 year, 2 months ago
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https#:~:text=Your%20key%20vault%20must%20be%20configured%20to%20use%20the%20Key%20Vault%20access%20policy%20permission%20model
upvoted 1 times
...
Murad01
1 year, 4 months ago
Appeared on Exam November - 2023
upvoted 2 times
...
Murad01
1 year, 4 months ago
Appeared on Exam November-2023
upvoted 1 times
...
Lazylinux
1 year, 6 months ago
Confusing to say least At first based on the fact that KV Access Policy is legacy now and MS is recommending migration from it and implementation of RBAC, this is true for almost everything in Azure with exception App Services, no support yet for RBAC as per MS comment and the link below, I was going to chose KV with RBAC but based on the above the correct answer is KV with Access Policy model https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-app-service-certificate?tabs=portal as of 28 July 2023 of the above article “App Service certificates support only Key Vault access policies, not the RBAC model.” continued ...
upvoted 4 times
Lazylinux
1 year, 6 months ago
here more As for the Custom domain with Azure FD, well quite NOT clear if the domain had been validated? If NOT than TXT record needs be created first than once domain validated CNAME is created to associate the custom domain to Azure FD endpoint Now Assumption, because we already have Azure public DNS zone named contoso.com and app1 is going to be subdomain hence the domain is already validated and the next step is CNAME See this video goes through whole process https://www.youtube.com/watch?v=mVNB59VK-DQ
upvoted 4 times
...
...
raffykian
1 year, 8 months ago
cname and keyvault 1 - on exam 8-23
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago