Exam MS-203 topic 1 question 33 discussion

Actual exam question from Microsoft's MS-203
Question #: 33
Topic #: 1

Your on-premises network contains a proxy server and a firewall. The proxy server is configured to inspect the contents of HTTP and HTTPS sessions to identify disallowed content. Only the proxy server can connect to the internet through the firewall.
You implement Microsoft Exchange Online.
Users report that they receive an error message when they attempt to connect to their mailbox by using Microsoft Outlook.
From the internal network, you connect to https://outlook.office.com/mail and discover a certificate error.
You discover that the certificate error contains information about a certificate issued by your company's internal certification authority (CA).
You need to ensure that all the users can connect successfully to their mailbox.
What should you do?

  • A. Install a new root CA certificate on the client computer of each user.
  • B. Configure client computers to bypass the proxy server when they access https://*.microsoft.com.
  • C. Disable HTTPS content inspection on the proxy server.
  • D. Install a new root CA certificate on the proxy server.
Suggested Answer: A

Comments

Amir1909
5 months, 1 week ago
C is correct
upvoted 1 times
...
Faheem2020
1 year, 2 months ago
Selected Answer: A
If installing a root CA is the solution to this problem, you would do that on the client end and not the server end. Also, in the link provided by the admin in the reference, the solution points to installing the root CA on the client computer.
upvoted 2 times
...
PawelNotts
1 year, 7 months ago
Selected Answer: A
The client creates an SSL connection to Microsoft; this is then intercepted by the proxy server, which creates a second connection using its own certificate and uses that to talk to Microsoft. It then needs to pass the response back to the client. The client needs to trust the root CA.
upvoted 2 times
...
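The trust failure described in the comment above, reproduced offline as an added example (not part of the original thread): a certificate for outlook.office.com issued by an internal CA is rejected by a client trust store that lacks that CA's root and accepted once the root is added. It assumes the `openssl` CLI; the CA names and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed lab: every key, certificate and CA name below is generated here
# for illustration; nothing comes from a real proxy or from Microsoft.
WORK=$(mktemp -d)

# Self-signed root certificate (file stem $1, subject CN $2).
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# Leaf that an inspecting proxy would present to the client for host $2,
# signed by the root whose file stem is $1.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# Exit status 0 only if the leaf chains to a root in PEM bundle $1,
# which plays the role of the client's trusted-root store.
client_trusts() {
  openssl verify -CAfile "$1" "$WORK/leaf.pem" >/dev/null 2>&1
}

# Issuer line of the presented leaf: what the certificate error would show.
leaf_issuer() {
  openssl x509 -in "$WORK/leaf.pem" -noout -issuer
}

make_root internal "Contoso Internal Root CA"   # hypothetical company CA
make_root public   "Example Public Root CA"     # stands in for roots the client ships with
issue_leaf internal outlook.office.com

cp "$WORK/public.pem" "$WORK/client-store.pem"  # client store before the fix
if client_trusts "$WORK/client-store.pem"; then BEFORE=trusted; else BEFORE=untrusted; fi

cat "$WORK/internal.pem" >> "$WORK/client-store.pem"   # option A: add the internal root
if client_trusts "$WORK/client-store.pem"; then AFTER=trusted; else AFTER=untrusted; fi

leaf_issuer
echo "before: $BEFORE, after: $AFTER"
```
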
FerArayaC
2 years ago
Selected Answer: D
The certificate error is coming from an internal issuer, pointing to the certificate in communication between clients and the internet. Makes sense to just check and configure a new root CA certificate on the proxy. Installing a root CA on each user's computer will take some time and will be slow to fix the issue.
upvoted 2 times
...
SpawnMx
2 years ago
In my job we have that scenario. We solved that with C for the web navigation and A for the Exchange On Premise. The Question states: "---issued by your company's internal certification authority (CA)." Then the client must know the company's internal CA as a Root CA. We do that with an AD Domain GPO. For Web navigation (in our case, NOT the Question), the Proxy has another certificate, self-signed. Adding the certificate as a Root CA in the Domain allowed users to trust the certificate and browse the Internet through the Proxy.
upvoted 2 times
SpawnMx
2 years ago
I mean "D", not C!! Sorry, I can't edit the comment.
upvoted 1 times
...
...
ARYMBS
2 years, 1 month ago
Selected Answer: A
It's either A or D… Reasoning:
A - YES. Your computer doesn't trust the new CA root certificate which issued the new certificate to your proxy server.
B - NO. You connect to https://outlook.office.com/mail but you want to bypass "https://*.microsoft.com."… Really?
C - NO. You want to disable all HTTPS inspection for one URL? Might as well disable your LAN router firewall as well then…
D - NO. Your proxy already uses the new CA-issued certificate; however, client PCs don't trust the new CA root certificate. Installing an untrusted certificate on the proxy server doesn't solve this for client machines. Also, when do you want to install a CA certificate with a private key anywhere else besides the CA server itself?
upvoted 3 times
...
ttlab
2 years, 3 months ago
I think it should be C. Installing a root CA on the proxy server won't fix the certificate issue itself.
upvoted 2 times
...
KennethYY
2 years, 7 months ago
I think it is A; the issue is that the PC does not trust the root CA, not that the proxy server does not trust the root CA. B and C also work, but I think they are not easy.
upvoted 2 times
...
Dooa
2 years, 10 months ago
All of B, C and D should solve the problem.
upvoted 2 times
...
scotths
2 years, 11 months ago
I am really torn between A and D. If your PC does not trust the cert, then you surely need to install it locally: A. However, if the cert was just issued and the chain was not imported, then D.
upvoted 2 times
Bobalo
2 years, 9 months ago
D is the easiest solution. You need a complete certificate chain on HTTPS virtual server/proxy, or you will get an error when connecting. It's also an internal CA, so the root certificate should already be available to clients. Given answer is correct.
upvoted 7 times
...
...