Exam AZ-104 topic 5 question 54 discussion

Correct Answer: C HTTPS uses port 443. Rule2, with priority 500, denies HTTPS traffic. Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic. Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.

Answer C is correct Although not the best solution (opening range 50-5000, when you only whant to allow https/443)

It does not speak well for Micosoft that their correct answer is very shitty IT.

Yes, as many have commented, the correct answer is also a stupid answer that you would, if you were halfway competent, never implement in the real world. It is a poorly designed question that aspires to meet the goal of testing your ability to synthesis and analyze information, rather than simply regurgitate facts from memory. The best designed questions will require that you not only be able to recall facts but that you be able to use those facts to troubleshoot, resolve problems, or create solutions. However, the correct responses to the questions should not be bonkers stupid as this one is.

Another terrible question with a ridiculous answer that does not reflect the real world!

Microsoft want to tell us, this is not security exam so do not expect the best secured answer is the correct one, do n't expect the best practice has been implemented for each question this is a way to stop you for a simple question thinking about which answer you should select here.

No, it is not a good practice to open a range of ports from 400 to 500 for security reasons. In general, it is recommended to only open the specific ports that are required for a particular service to function, and to limit access to only the minimum set of IP addresses that need it. For example, in the scenario described, you only need to open port 443 to allow incoming HTTPS traffic to the web server. Opening a wider range of ports could expose the system to unnecessary security risks, as it increases the attack surface of the system. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal

I want an option for this question as "non of the above" lol!!! Really? Are we going to get such kind of option in the exam?

This is why Microsoft always get hacked. BRAVO

mlantonis is right

The correct answer for this is madness. As other users have commented, if any IT engineer left all those ports open, they would get fired lol. I know this isn't an option but surely you would just delete Rule 1 and set Rule 2 to priority 400 and allow? What is MS trying to do!? get us fired? just wow

Correct Answer: C

Once traffic matches a rule, processing stops

C will only work for virtualnetwork, not for traffic from Internet

C is the right answer but damn those are a lot of ports left open lol.

C is correct and as per other comments

mlantonis is yet again correct