ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 13 question 1 discussion

Actual exam question from Microsoft's AZ-103
Question #: 1
Topic #: 13
[All AZ-103 Questions]

You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you do?

  • A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
  • B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
  • C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
  • D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
by rooafzapapi at June 1, 2020, 10:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nfett
Highly Voted 5 years, 1 month ago
where is the key word outgoing here? its incoming to 443 on the web servers. i would think an NSG allowing only access to the specific web servers is required thus their answer A is right.
upvoted 6 times
...
jjkidd72
Most Recent 4 years, 11 months ago
"You are planning the move of App1 to Azure." These Qs man...you gotta think as if App1 is 'already' in Azure. Therefore it will be an 'incoming' Rule for 'Internet users'. Answer A is correct.
upvoted 1 times
...
jonalejm
4 years, 11 months ago
I makes me so mad when I don't read the answers correctly and answer wrong but knowing the right answer....
upvoted 3 times
...
rooafzapapi
5 years, 2 months ago
I thought the answer was B? . the key word is outgoing? and to all subnets... this is because inbound port 443 accepts traffic??
upvoted 1 times
Eitant
5 years, 2 months ago
Yes, inbound port accepting traffic. if you will assign the NSG to all the subnets you will apply the rules to all the VM's on those subnets
upvoted 2 times
...
macco455
5 years, 1 month ago
GIven answer is CORRECT: 443 does not accept traffic by default. That needs to be specifically entered into the NSG inbound rules for the web servers to be able to accept traffic fron the internet/public facing app. No need to apply to all subnets as that will be overkill and added ports open that don't need to be.
upvoted 2 times
macco455
5 years, 1 month ago
Sorry I mistyped. Given answer is INCORRECT, CORRECT answer is B NOT A based on reasoning mentioned above
upvoted 1 times
macco455
5 years, 1 month ago
SOrry gang..looks like answers got switched up or I'm blind. Currently answer is A which is Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. Sorry for the confusion.
upvoted 11 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel