Exam AZ-104 topic 5 question 54 discussion

Correct Answer: C HTTPS uses port 443. Rule2, with priority 500, denies HTTPS traffic. Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic. Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.

Answer C is correct Although not the best solution (opening range 50-5000, when you only whant to allow https/443)

this is called worst firewall setup. I will like I am playing some trick game.

The only option that does it is C because A- still have deny for 443 with higher priority (rule2) B- 443 is still denied by rule2 D- 501 is not high enough (rule2 again) This question confused me because option C is very dumb, you might as well allow everything.

answer is C

Option C would do, but a pasta strainer will be better at holding water than this server will be protected.

C is right

Correct answer C: The stupidiest solution is also the correct answer...

For Rule5, change the Action to Allow and change the priority to 401, this would also expose RDP on port 3389 to public users and this does not satisfy the requirement to use the VM as web server only

Only C is a viable option. Option D will not work because Rule2 will take action.

Some of these rules seem redundant e.g Rule2 and Rule5 as they are. I guess its just to throw you off.

It does not speak well for Micosoft that their correct answer is very shitty IT.

Yes, as many have commented, the correct answer is also a stupid answer that you would, if you were halfway competent, never implement in the real world. It is a poorly designed question that aspires to meet the goal of testing your ability to synthesis and analyze information, rather than simply regurgitate facts from memory. The best designed questions will require that you not only be able to recall facts but that you be able to use those facts to troubleshoot, resolve problems, or create solutions. However, the correct responses to the questions should not be bonkers stupid as this one is.

Another terrible question with a ridiculous answer that does not reflect the real world!

Microsoft want to tell us, this is not security exam so do not expect the best secured answer is the correct one, do n't expect the best practice has been implemented for each question this is a way to stop you for a simple question thinking about which answer you should select here.

No, it is not a good practice to open a range of ports from 400 to 500 for security reasons. In general, it is recommended to only open the specific ports that are required for a particular service to function, and to limit access to only the minimum set of IP addresses that need it. For example, in the scenario described, you only need to open port 443 to allow incoming HTTPS traffic to the web server. Opening a wider range of ports could expose the system to unnecessary security risks, as it increases the attack surface of the system. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal

I want an option for this question as "non of the above" lol!!! Really? Are we going to get such kind of option in the exam?