ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 4 question 28 discussion

Actual exam question from Microsoft's AZ-103
Question #: 28
Topic #: 4
[All AZ-103 Questions]

You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet.
What should you do?

  • A. Create a new inbound rule that allows TCP protocol 443 and configure the protocol to have a priority of 501.
  • B. For Rule5, change the Action to Allow and change the priority to 401.
  • C. Delete Rule1.
  • D. Modify the protocol of Rule4.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Rule 2 is blocking HTTPS access (port 443) and has a priority of 500.
Changing Rule 5 (ports 50-5000) and giving it a lower priority number will allow access on port 443.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops.
Incorrect Answers:
A: Rule 2 is blocking HTTPS access (port 443) and has a priority of 500. Creating a rule for the same protocol (443) with a higher priority number will not help.
C: Rule 1 blocks access to port 80, which is used for HTTP, not HTTPS.
D: Rule 2 is blocking HTTPS access (port 443). Changing Rule 4 allows access on UDP but is a higher priority number than Rule. Changing the protocol on Rule
4 to TCP will not help if we don't also change the priority to a lower number.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
by aurelijus at March 20, 2020, 2:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mojo13
Highly Voted 5 years, 2 months ago
The answer is correct. HTTPS is on Port 443 inbound. This is the only port needed to be open for secure connections to the web server.
upvoted 24 times
mojo13
5 years, 2 months ago
And also the rule that allows port 443 to be in the correct order. In this case before the Deny 443 rule from top to down.
upvoted 3 times
...
praveen97
4 years, 11 months ago
yes, answers are correct.
upvoted 1 times
...
...
aurelijus
Highly Voted 5 years, 2 months ago
This is ridiculous. It's used only as a secure web server, bet the solution is to open up a bunch of random ports..
upvoted 17 times
Exam103
5 years, 2 months ago
indeed... Better solution was to edit Rule 2, remove port 80 and change it to allow.
upvoted 6 times
FrancisFerreira
5 years, 2 months ago
It is a certification test, adderall. They gotta overcomplicate things sometimes.
upvoted 13 times
...
...
...
Voldemort
Most Recent 3 years, 8 months ago
Correct Answer: HTTPS uses port 443. Rule2, with priority 500, denies HTTPS traffic. Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic. Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
upvoted 1 times
...
I
4 years, 3 months ago
Correct! Here should be very clear and careful! Rule1 and Rule2 are all blocking HTTP and HTTPs, so only delete Rule1 is not enough. And the rules' priority is also one very important key should be concerned.
upvoted 1 times
...
curro_67
4 years, 4 months ago
Answer is correct
upvoted 1 times
...
NickyDee
4 years, 5 months ago
D is a trick. Pays to read top-down on this one
upvoted 2 times
_tellah_
4 years, 4 months ago
If I see the rule 4 which is that to change it protocol to TCP should be considered as an answer, as if we change the priority of that rule and change it to Allow it would make more ports available to internet and that could be the risk for the VM.
upvoted 1 times
_tellah_
4 years, 4 months ago
that to change the protocol *
upvoted 1 times
_tellah_
4 years, 4 months ago
In the reference of Rule 5 I mentioned about the ports issues
upvoted 1 times
...
...
...
...
babu_ck
4 years, 9 months ago
Guys who are saying B is correct, not sure if they have seen the Action for rule 5 is Deny. So not sure how changing the priority is going to help here. To me the close answer would be option D (Modify the protocol to TCP instead of UDP). I know the fact that it will allow much more than TCP port 443 but question does not say that NSG should allow only 443.
upvoted 1 times
Charchar
4 years, 8 months ago
The answer for B includes "change the Action to Allow", so your statement is incorrect. The answer also cannot possibly be D, as HTTPS will still be blocked by Rule 2. B is the only logical answer, albeit extremely overkill and not something I would do in production.
upvoted 2 times
tezawynn
4 years, 6 months ago
I was also wondering, what would changing this priority do anything. I totally missed out the bit that says, change the Action to Allow. If you change it to allow, and set lower priority than the deny rule, then ofcourse B is the answer. Thanks
upvoted 2 times
...
...
...
B1T3X
4 years, 10 months ago
None of these are quite correct in my opinion. The proper solution would be to edit out port 80 and change the action to allow. There's no reason to change the priority anyway... It doesn't accomplish anything in the current setting
upvoted 1 times
...
_syamantak
4 years, 10 months ago
Guys with guns to judsge what could have been a better solution, hang on! You aren't asked to redesign anything . All you have to choose from the following answers to pick the right one and move to next qs. B is right answer from the given choices
upvoted 7 times
...
Shades
4 years, 10 months ago
Came in exam 1st Aug 2020
upvoted 5 times
...
Examenkandidaat
4 years, 10 months ago
Answer is correct, HTTPS is on port 443.
upvoted 2 times
...
AzExam2020
4 years, 11 months ago
I agree, that will allow may ports.
upvoted 1 times
...
raj10207
4 years, 11 months ago
Came in Exam , Exam given on 06.07.2020
upvoted 3 times
...
ganesh_wani
4 years, 11 months ago
We have to choose from given option. We can not just create our own answer. So B is correct one
upvoted 4 times
...
Pank22
4 years, 11 months ago
Can we not simply create a new rule (A) and give 443 access with priority 200 or 301?
upvoted 3 times
...
ashutoshud
4 years, 11 months ago
Its confusing as we dont use port 80(http) we are using port 443(https) so given answer is correct
upvoted 2 times
...
cucuff
5 years ago
Answer B is correct.This is a BIG security hole, but the only option to permit inbound traffic from port 443
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel