Correct Answer: C HTTPS uses port 443. Rule2, with priority 500, denies HTTPS traffic. Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic. Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.

Answer C is correct Although not the best solution (opening range 50-5000, when you only whant to allow https/443)

C is right

Correct answer C: The stupidiest solution is also the correct answer...

For Rule5, change the Action to Allow and change the priority to 401, this would also expose RDP on port 3389 to public users and this does not satisfy the requirement to use the VM as web server only

Only C is a viable option. Option D will not work because Rule2 will take action.

Some of these rules seem redundant e.g Rule2 and Rule5 as they are. I guess its just to throw you off.

It does not speak well for Micosoft that their correct answer is very shitty IT.

Yes, as many have commented, the correct answer is also a stupid answer that you would, if you were halfway competent, never implement in the real world. It is a poorly designed question that aspires to meet the goal of testing your ability to synthesis and analyze information, rather than simply regurgitate facts from memory. The best designed questions will require that you not only be able to recall facts but that you be able to use those facts to troubleshoot, resolve problems, or create solutions. However, the correct responses to the questions should not be bonkers stupid as this one is.

Another terrible question with a ridiculous answer that does not reflect the real world!

Microsoft want to tell us, this is not security exam so do not expect the best secured answer is the correct one, do n't expect the best practice has been implemented for each question this is a way to stop you for a simple question thinking about which answer you should select here.

No, it is not a good practice to open a range of ports from 400 to 500 for security reasons. In general, it is recommended to only open the specific ports that are required for a particular service to function, and to limit access to only the minimum set of IP addresses that need it. For example, in the scenario described, you only need to open port 443 to allow incoming HTTPS traffic to the web server. Opening a wider range of ports could expose the system to unnecessary security risks, as it increases the attack surface of the system. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal

I want an option for this question as "non of the above" lol!!! Really? Are we going to get such kind of option in the exam?

This is why Microsoft always get hacked. BRAVO

mlantonis is right

The correct answer for this is madness. As other users have commented, if any IT engineer left all those ports open, they would get fired lol. I know this isn't an option but surely you would just delete Rule 1 and set Rule 2 to priority 400 and allow? What is MS trying to do!? get us fired? just wow

Correct Answer: C