Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-103 topic 4 question 38 discussion

Actual exam question from Microsoft's AZ-103
Question #: 38
Topic #: 4
[All AZ-103 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.
Solution: You export the client certificate from Computer1 and install the certificate on Computer2.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A ūüó≥ÔłŹ
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
JayLearn2022
9 months, 2 weeks ago
There are several versions of this question. The following are the correct and incorrect answers that can be presented. Correct Answer: Meets the goal. -Solution: You export the client certificate from Computer1 and install the certificate on Computer2. Incorrect Answers: Does not meet the goal. -Solution: You join Computer2 to Azure Active Directory (Azure AD). -Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
upvoted 1 times
...
Bogdan_85
1 year ago
Selected Answer: A
"You may generate multiple client certificates from the same root certificate. When you generate client certificates using the steps below, the client certificate is automatically installed on the computer that you used to generate the certificate. If you want to install a client certificate on another client computer, you can export the certificate." From here: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#clientcert So, A-Yes is the correct answer.
upvoted 1 times
...
stillface
1 year, 2 months ago
"A. Yes" is correct.
upvoted 1 times
...
knc
3 years, 2 months ago
Documentation mentions clearly about reusing the client cert on another computer. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#clientcert
upvoted 1 times
...
bjoernhoefer
3 years, 7 months ago
it might work - at leat until they both try to connect... From a security aspect - copying certificates is pure nonsense....
upvoted 4 times
Charl
3 years, 7 months ago
This will work, I have implemented P2S with the same cert. as for security the replication of cert's are near to impossible so only if you have the configuration and the Specified Cert in your P2S configuration will it work, otherwise, you will have no connection.
upvoted 1 times
...
asdfgh1234567
3 years, 7 months ago
What difference does it make whether the certificate is a duplicate? Provided the certificate is referencing the same private key then it doesn't matter. Firewalls, load balancers, web proxies, web servers all do exactly this.
upvoted 5 times
...
...
mjq
3 years, 7 months ago
is this correct? I assumed you'd need to generate a new self-signed certificate and not re-use Computer 1s?
upvoted 3 times
Bogdan_85
1 year ago
"You may generate multiple client certificates from the same root certificate. When you generate client certificates using the steps below, the client certificate is automatically installed on the computer that you used to generate the certificate. If you want to install a client certificate on another client computer, you can export the certificate." From here: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#clientcert So, A-Yes is the correct answer.
upvoted 1 times
...
johndoee
3 years, 7 months ago
it is correct: https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert
upvoted 2 times
...
Charl
3 years, 7 months ago
I have tested this,re-use computer1, you will always use the installed certificate on Computer1 as this is the certificate generated in your P2S connection to establish the first initial connection. No specific reason I have found that this is the quickest and easiest way not to have issues when installing the cert in the future on other/new Computers.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...