ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-486 All Questions

View all questions & answers for the 70-486 exam
Go to Exam

Exam 70-486 topic 1 question 184 discussion

Actual exam question from Microsoft's 70-486
Question #: 184
Topic #: 1
[All 70-486 Questions]

You plan to deploy an ASP.NET Core MVC web application to an internal server cluster that runs Kestrel on Linux. The server cluster hosts many other web applications. All applications are behind a Nginx load balancer.
You need to ensure that the application meets the following requirements:
✑ Secure against man-in-the-middle attacks.
✑ Allow Open ID Connect authentication.
✑ Cache responses using HTTP caching.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Bind Kestrel to port 0.
  • B. Terminate Secure Sockets Layer (SSL) in Kestrel.
  • C. Configure ASP.NET Core to use forwarded headers.
  • D. Enable the proxy_cache_bypass module.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
A: When the port number 0 is specified, Kestrel dynamically binds to an available port. When the app is run, the console window output indicates the dynamic port where the app can be reached.
C: Because requests are forwarded by reverse proxy, we must use the Forwarded Headers Middleware from the Microsoft.AspNetCore.HttpOverrides package.
The middleware updates the Request.Scheme, using the X-Forwarded-Proto header, so that redirect URIs and other security policies work correctly.
References:
https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-2.2 https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-2.2
by this_is_sparta at Feb. 2, 2020, 12:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
this_is_sparta
Highly Voted 5 years, 3 months ago
Why do we need "Kestrel dynamically binds to an available port"? Doesn't make sense to me. But we need SSL to "Secure against man-in-the-middle attacks.". So my answere is "B" and "C".
upvoted 5 times
peterp
5 years, 2 months ago
B says "Terminate Secure Sockets Layer (SSL) in Kestrel." - so this won't help to secure against man-in-the-middle attacks.
upvoted 6 times
...
...
zimzimzimma
Highly Voted 4 years, 10 months ago
FINAL ANSWER: A, C
upvoted 5 times
...
aarset89
Most Recent 4 years, 11 months ago
Answer "A" have no sense to me. They said that server cluster is hosting many other web applications. Correct ones B&C.
upvoted 1 times
Potey
4 years, 7 months ago
A => because on the machine are many web pages (so the app will automatically search for a free port and use it, instead of being blocked by other app)
upvoted 1 times
...
...
Phantasm
5 years, 2 months ago
C;D. but not enough
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago