Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-104 topic 5 question 54 discussion

Actual exam question from Microsoft's AZ-104
Question #: 54
Topic #: 5
[All AZ-104 Questions]

You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the Internet.
What should you do?

  • A. Modify the protocol of Rule4
  • B. Delete Rule1
  • C. For Rule5, change the Action to Allow and change the priority to 401
  • D. Create a new inbound rule that allows TCP protocol 443 and configure the rule to have a priority of 501.
Show Suggested Answer Hide Answer
Suggested Answer: C ūüó≥ÔłŹ
HTTPS uses port 443.
Rule2, with priority 500, denies HTTPS traffic.
Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic.
Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Change the priority of Rule3 to 450.
2. For Rule5, change the Action to Allow and change the priority to 401.
Other incorrect answer options you may see on the exam include the following:
‚úĎ Modify the action of Rule1.
‚úĎ Change the priority of Rule6 to 100.
‚úĎ For Rule4, change the protocol from UDP to Any.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
mlantonis
Highly Voted 2 years, 6 months ago
Correct Answer: C HTTPS uses port 443. Rule2, with priority 500, denies HTTPS traffic. Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic. Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
upvoted 91 times
mlantonis
2 years, 6 months ago
Note: There are several versions of this question in the exam. The question has two possible correct answers: 1. Change the priority of Rule3 to 450. 2. For Rule5, change the Action to Allow and change the priority to 401. Other incorrect answer options you may see on the exam include the following: ‚úĎ Modify the action of Rule1. ‚úĎ Change the priority of Rule6 to 100. ‚úĎ For Rule4, change the protocol from UDP to Any. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
upvoted 38 times
YooOY
2 years, 2 months ago
Why it works with destination set to Virtualnetwork not the PublicIP ?
upvoted 2 times
aner
1 year ago
It works because Source (users on the Internet) is set to Any. The destination (web server) is ok to be VirtualNetwork because the web server's VM is a part of Virtual network.
upvoted 2 times
...
...
...
...
Moyuihftg
Highly Voted 2 years, 7 months ago
Answer C is correct Although not the best solution (opening range 50-5000, when you only whant to allow https/443)
upvoted 38 times
Sharathjogi
1 year, 11 months ago
Absolutely agree...that's what I am thinking, we are unnecessarily opening lot of ports here, instead of allowing just 443.
upvoted 5 times
ppuff
1 year, 5 months ago
microsoft testing logic lol
upvoted 4 times
...
...
...
SgtDumitru
Most Recent 1 week, 5 days ago
Only C is a viable option. Option D will not work because Rule2 will take action.
upvoted 1 times
...
JD908
5 months, 2 weeks ago
Some of these rules seem redundant e.g Rule2 and Rule5 as they are. I guess its just to throw you off.
upvoted 2 times
...
UWSFish
7 months ago
It does not speak well for Micosoft that their correct answer is very shitty IT.
upvoted 4 times
...
Phlogiston
9 months, 3 weeks ago
Yes, as many have commented, the correct answer is also a stupid answer that you would, if you were halfway competent, never implement in the real world. It is a poorly designed question that aspires to meet the goal of testing your ability to synthesis and analyze information, rather than simply regurgitate facts from memory. The best designed questions will require that you not only be able to recall facts but that you be able to use those facts to troubleshoot, resolve problems, or create solutions. However, the correct responses to the questions should not be bonkers stupid as this one is.
upvoted 6 times
...
MightyMonarch74
10 months ago
Another terrible question with a ridiculous answer that does not reflect the real world!
upvoted 5 times
...
Mohd1899
10 months, 1 week ago
Microsoft want to tell us, this is not security exam so do not expect the best secured answer is the correct one, do n't expect the best practice has been implemented for each question this is a way to stop you for a simple question thinking about which answer you should select here.
upvoted 3 times
chikorita
10 months ago
he works for microsoft
upvoted 2 times
...
...
lombri
10 months, 1 week ago
Selected Answer: D
No, it is not a good practice to open a range of ports from 400 to 500 for security reasons. In general, it is recommended to only open the specific ports that are required for a particular service to function, and to limit access to only the minimum set of IP addresses that need it. For example, in the scenario described, you only need to open port 443 to allow incoming HTTPS traffic to the web server. Opening a wider range of ports could expose the system to unnecessary security risks, as it increases the attack surface of the system. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal
upvoted 2 times
Mohd1899
10 months, 1 week ago
I would agree with you if the priority for answer D is set to 499 or below in fact 501 priority eliminate this option completely because of Rule2 so the answer is C
upvoted 3 times
...
...
hubble13
10 months, 2 weeks ago
I want an option for this question as "non of the above" lol!!! Really? Are we going to get such kind of option in the exam?
upvoted 2 times
...
Asymptote
1 year ago
Selected Answer: C
This is why Microsoft always get hacked. BRAVO
upvoted 5 times
...
kusucu
1 year, 1 month ago
Selected Answer: C
mlantonis is right
upvoted 1 times
...
Kem81
1 year, 2 months ago
The correct answer for this is madness. As other users have commented, if any IT engineer left all those ports open, they would get fired lol. I know this isn't an option but surely you would just delete Rule 1 and set Rule 2 to priority 400 and allow? What is MS trying to do!? get us fired? just wow
upvoted 3 times
JohnnyChimpo
10 months, 2 weeks ago
My boss would fire my ass
upvoted 2 times
...
Kem81
1 year, 2 months ago
upon further investigation, you would also need to modify the rule to only allow internet traffic to the VM ofc. This is a really bad question and not something anyone should do in real world scenario.
upvoted 1 times
...
...
EmnCours
1 year, 3 months ago
Selected Answer: C
Correct Answer: C
upvoted 1 times
...
blasdelezo
1 year, 3 months ago
Selected Answer: C
Once traffic matches a rule, processing stops
upvoted 1 times
...
justjeroen
1 year, 5 months ago
C will only work for virtualnetwork, not for traffic from Internet
upvoted 1 times
...
Amrx
1 year, 5 months ago
Selected Answer: C
C is the right answer but damn those are a lot of ports left open lol.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...