Exam AZ-304 topic 2 question 4 discussion

Actual exam question from Microsoft's AZ-304
Question #: 4
Topic #: 2

DRAG DROP -
Your company has users who work remotely from laptops.
You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based Certification authority (CA).
You need to recommend which certificates are required for the deployment.
What should you include in the recommendation? To answer, drag the appropriate certificates to the correct targets. Each certificate may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Suggested Answer:

Comments

MaxBlanche
Highly Voted 4 years, 5 months ago
The last answer is wrong, the VPN Gateway should have the Root certificate with the public key installed (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-rm-ps#upload).
upvoted 135 times
Ario
3 years, 7 months ago
agree last one should be same as first one
upvoted 5 times
...
Rayrichi
4 years, 4 months ago
agree. Last answer is Root certificate with the public key
upvoted 11 times
Mj11Az
3 years, 10 months ago
But each cert can be used once so it can't be ROOT public 2 times?
upvoted 2 times
Amit3
3 years, 10 months ago
The question says you can use each certificate more than once.
upvoted 1 times
...
FinMessner
3 years, 3 months ago
READ THE QUESTION! I'm so sick of people commenting that just add confusion by not reading the question. If you can't read then you don't need to be testing for Azure Architect.
upvoted 18 times
kilowd
2 years, 10 months ago
As much as he is wrong, there is no need for you to be so harsh on him. Everyone makes mistakes, you can also be wrong sometimes, so chill and be polite please.
upvoted 5 times
...
...
...
...
...
gp777
Highly Voted 4 years, 3 months ago
Root public, User Private, Root Public
upvoted 71 times
AD3
3 years, 2 months ago
For point-to-site connection using VPN, the user's public key is provided to the remote, which is the gateway. The user keeps its private key with him/her on his/her laptop.
upvoted 1 times
...
...
heero
Most Recent 2 years, 7 months ago
The last answer is wrong, the VPN Gateway should have the Root certificate with the public key
upvoted 2 times
...
senseibrutal
2 years, 9 months ago
Correct
upvoted 1 times
...
Snownoodles
3 years ago
The third answer should be root certificate (public key), this is why: https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
"The validation of the client certificate is performed by the VPN gateway and happens during establishment of the P2S VPN connection"
When establishing a P2S VPN, only client certificate verification is required. The client certificate is signed by the root private key, so the root public key is required on the VPN gateway to validate the client certificate.
upvoted 3 times
...
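The chain check described in the comment above, as an added example that is not part of the thread: a throwaway root CA signs a user certificate, and the verifier (standing in for the gateway) is given only the root's public `.crt`. It assumes the `openssl` CLI is installed; all subject names, file names and function names are constructed for the demo, and nothing here talks to Azure.

```bash
#!/usr/bin/env bash
# Constructed lab demo: every subject name and file name here is made up.
set -eu

# Build a throwaway root CA and one user certificate in directory $1.
p2s_demo_setup() {
  local d="$1"
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    '[dn]' 'CN=ignored-because-subj-is-given' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$d/ca.cnf"
  # On-premises CA: root key pair plus self-signed root certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
    -subj "/CN=Demo P2S Root CA" -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  # Laptop: user key pair and CSR. user.key stays on the laptop.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=demo-user" -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
  # CA signs the CSR with the root private key and marks it for client auth.
  printf 'extendedKeyUsage=clientAuth\n' > "$d/client.ext"
  openssl x509 -req -in "$d/user.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/client.ext" -out "$d/user.crt" 2>/dev/null
}

# Verifier side: validate a client certificate using only a trusted root .crt.
gateway_accepts() {  # $1 = trusted root certificate, $2 = client certificate
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if a PEM file carries private key material.
has_private_key() {
  grep -q 'PRIVATE KEY' "$1"
}

# Laptop side: the user certificate is only usable with its matching private key.
key_matches_cert() {  # $1 = private key, $2 = certificate
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

work="$(mktemp -d)"; trap 'rm -rf "$work"' EXIT
p2s_demo_setup "$work"
gateway_accepts "$work/root.crt" "$work/user.crt" && echo "verifier: user cert chains to the root .crt"
has_private_key "$work/root.crt" || echo "root.crt contains no private key"
key_matches_cert "$work/user.key" "$work/user.crt" && echo "laptop: user.key matches user.crt"
```

`root.key` is used once, to sign the CSR, and is never read by `gateway_accepts`; a user certificate issued by a different CA with the same subject name fails the same check.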
teyol51117
3 years, 1 month ago
This was in an exam today.
upvoted 2 times
...
itenginerd
3 years, 1 month ago
I've deployed this in production: Root cert (public key only) goes to the user systems in Trusted Root. User cert (must have private key) goes to the user systems in Personal. Root cert (public key only) goes to Azure as described in the how-to docs.
upvoted 3 times
...
plmmsg
3 years, 1 month ago
- Root CA with public key
- User Certificate with private key
- Root CA with public key
upvoted 1 times
...
anto64
3 years, 3 months ago
BOX1: root CA private
BOX2: user private
BOX3: root CA public
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#clientcert
https://www.youtube.com/watch?v=Ur0WNjnXJrU
upvoted 1 times
AD3
3 years, 2 months ago
BOX3 is User's public key. If you don't give your public key to the remote, which is the VPN gateway, your private key encryption, when it reaches the gateway, can't be unencrypted. Understand it's a key pair which gives you the ability to communicate securely with the other party. As a user you keep your private key and give your public key to others with whom you want to communicate.
upvoted 2 times
AD3
3 years, 2 months ago
Basically the answer given by the moderator is correct.
upvoted 1 times
...
...
AD3
3 years, 2 months ago
Why would root CA give up their private key to others? Assume you are the CA authority and have your private key. Would you give your private key or your public key to others?
upvoted 2 times
...
itenginerd
3 years, 1 month ago
From your doc link: After creating a self-signed root certificate, export the root certificate public key .cer file (not the private key). You will later upload this file to Azure. Box 2 and 3 are correct. Box 1 is root public, tho. The root CA private key is the most private/important piece of the certificate identity chain. You would never ever upload it for any purpose like this--that's like pasting your password into chat.
upvoted 1 times
...
...
tinchohd
3 years, 4 months ago
in the Q#3 VPN Gateway - when you configure the azure VPN gateway certificate asked you to upload the root Certificate... end of discussion, and of course is public. Q1 and Q2 are correct
upvoted 1 times
...
ivanmung
3 years, 4 months ago
Root public
User Private
User Public cert, to decrypt the user’s SSL VPN that is encrypted by the user’s private cert
upvoted 5 times
pruntelnetworks
3 years, 3 months ago
public cert is used to encrypt, private is used to decrypt. Not other way around.
upvoted 2 times
...
...
Gtese
3 years, 6 months ago
Answer is correct. Third box: the VPN gateway gets and stores a certificate (public key) (web host) from a trusted CA. Never share the private key with others, keep it secure!
upvoted 2 times
...
syu31svc
3 years, 7 months ago
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#uploadfile
upload public root certificate data to Azure
1st and 3rd drop downs are the same: root certificate with public key
2nd drop down is user with private key, based on the term "Personal" (just my own reasoning for this one)
upvoted 3 times
...
poplovic
3 years, 7 months ago
This is a typical two-way auth process.
On the client laptop:
1. To verify the Gateway (server), you need a public Root cert (cert chain to gateway's leaf cert) in the trust cert store.
2. To prove your own identity, you need a user cert with private key in MY cert store.
The gateway needs to verify client's public cert, therefore a Root cert (cert chain to client's leaf cert) is needed.
The correct answer:
Root public (chain to gateway's leaf cert)
User private
Root public (chain to client's leaf cert)
upvoted 5 times
...
souvik123
3 years, 7 months ago
- Root CA with public key
- User Certificate with private key
- Root CA with public key
upvoted 5 times
...
Gautam1985
3 years, 8 months ago
VPN --> Root Certificate with public key. The answers to the other two questions are correct.
upvoted 2 times
...
souvik123
3 years, 8 months ago
- Root CA with public key
- User Certificate with private key
- Root CA with public key
upvoted 1 times
...