You need to configure WebApp1 to meet the data and application requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Upload a public certificate.
B. Turn on the HTTPS Only protocol setting.
C. Set the Minimum TLS Version protocol setting to 1.2.
D. Change the pricing tier of the App Service plan.
E. Turn on the Incoming client certificates protocol setting.
B. Turn on the HTTPS Only protocol setting. (x) > To force 'mutual auth' you must turn off HTTP
E. Turn on the Incoming client certificates protocol setting. (X) > must set it to 'Require'
To enforce mutual authentication for WebApp1, the correct actions would be:
A. Upload a public certificate
Mutual authentication requires the server to present a certificate to the client, and for the client to present its certificate back to the server. Uploading a public certificate is a necessary step to configure the server-side of mutual authentication.
E. Turn on the Incoming client certificates protocol setting
This setting enables the application to request and validate client certificates, a key requirement for mutual authentication.
The other options do not directly relate to enforcing mutual authentication:
B (HTTPS Only): Ensures secure communication but doesn't enforce mutual authentication.
C (Minimum TLS Version 1.2): Improves security protocols but doesn't enforce mutual authentication.
D (Change Pricing Tier): The pricing tier may enable additional features but isn't directly required for mutual authentication.
Someone please correct me if I'm wrong but since the website is already accessible via https then option E would already be on. So the answer may be B & C? Seems to fit best
Incorrect, the setting under TLS/SSL in the left pane shows the following:
HTTPS Only (hover over (I) for info): Enable this feature to redirect all HTTP traffic to HTTPS
A. We know that the app is already accessible by using https://, so a public certificate is already configured. => NO
B. The requirement is to ENFORCE mutual authentication so HTTPS only must be activated. And we know that the app is currently accessible using http:// so this setting is not turned on. => YES
C. The TLS version is not relevant, it's just a security increase. => NO
D. The app is already accessible with https:// meaning that the actual pricing tier already supports TLS/SSL (Basic tier minimum). => NO
E. This setting is not turned on by default and is mandatory for mutual authentication. => YES
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth?tabs=azurecli
HTTPS Access Doesn't Imply mTLS. The fact that WebApp1 is accessible via https://www.litwareinc.com confirms that the server certificate is configured for standard HTTPS. It says nothing about whether mutual TLS (client certificate authentication) is enabled.
Mutual TLS Requires Explicit Configuration. Mutual TLS is not automatic. It requires specific configuration steps on the server-side (the Azure Web App, in this case) and client-side code changes.
A and E
A. Upload a public certificate: You must upload the public certificate of the CA that issued the client certificate that WebApp1 will use.
E. Turn on the Incoming client certificates protocol setting: You must enable this setting ("Require" or "Allow") to tell the Azure Web App to request a client certificate during the TLS handshake.
BE is the answer.
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth?tabs=azurecli
You can restrict access to your Azure App Service app by enabling different types of authentication for it. One way to do it is to request a client certificate when the client request is over TLS/SSL and validate the certificate. This mechanism is called TLS mutual authentication or client certificate authentication.
B is there by default (HTTPS only) so no need to configure it.
A is required (need to have a cert for encrypted communication)
E is required for mutual AuthN
Minimum TLS version is not specified so can't be C
we have no information on pricing tier. We can just guess it's not shared plan so can't be D.
Description says that it is already available via https and http. So we already have a certificate (A is not required) but http is allowed (B is required).
A. Upload a public certificate.
No. It helps you secure internet connections by encrypting data sent between your browser, websites that you visit, and the website server.
B. Turn on the HTTPS Only protocol setting.
Yes. If you access your site over HTTP and not HTTPS, you will not receive any client certificate. So if your application requires client certificates, you should not allow requests to your application over HTTP.
C. Set the Minimum TLS Version protocol setting to 1.2.
No. Not relevant
D. Change the pricing tier of the App Service plan.
Probably. There is no info about current pricing tier. Make sure that your web app isn't in the F1 or D1 tier, which doesn't support custom TLS/SSL
E. Turn on the Incoming client certificates protocol setting.
Yes. From the left navigation of your app's management page, select Configuration > General Settings. Set Client certificate mode to Require. Click Save at the top of the page.
Source: https://learn.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth
It's mutual authentication.
So we need a certificate for the server => Then A. Upload a certificate
and we need to force client certificate ==> Then E (as described by Microsoft doc).
B. Turn on the HTTPS Only protocol setting. => is not mandatory to enable client certificate.
Error from my comment, it's B, because A is a public certificate. For the server we need to have the private key. The last good answer is then B.
Good answer: BE
It's a bit confusing but I would go with BE.
Reference: https://learn.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth
For webapp1, it can be accessed by both HTTP and HTTPS.
[If you access your site over HTTP and not HTTPS, you will not receive any client certificate. So if your application requires client certificates, you should not allow requests to your application over HTTP.] So turn on HTTPS only protocol setting is required.
Then the steps listed are:
1. Check the pricing tier
2. Enable client certificates (set client cert mode to required). It's not the exact same wording as E but I think they are saying the same thing.
In this case scenario the Azure Security Center tier is set to standard but we don't know the app tier so I would not go with D.
1. Since WebApp1 already supports both https and http, the TLS version should already be on 1.2, and the App Service plan should already be upgraded to standard or above (not the free option).
2. To meet mutual authentication, need to disable Http, and allow Https only. And also need to enable Client certificate mode to Require.
So option B and option E should be selected.
WebApp is accessible by using "HTTPS" and "HTTP", taking that into consideration, we clearly need to enforce HTTPS only [1]. The study case doesn't mention in which tier the WebApp is hosted, so it's kinda unclear if we need that or not.
Finally, "client certificate mode" must be required, this setting is under the "Incoming client certifications" app setting.
I'd go for :
B and E (Although the wording for the option "E" is not so clear, I would go with it)
[1] "If you access your site over HTTP and not HTTPS, you will not receive any client certificate. So if your application requires client certificates, you should not allow requests to your application over HTTP." - https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth
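Added example, not part of the original thread or of Microsoft's documentation: a small audit of the HTTPS Only and client certificate mode settings discussed in the comments, run over an app's configuration. It assumes the field names `httpsOnly`, `clientCertEnabled`, `clientCertMode` and `clientCertExclusionPaths` as reported by `az webapp show`; the sample values are constructed.

```python
import json

# Constructed sample, not real output: the fields of `az webapp show` that
# matter here, for an app reachable over both http:// and https://.
BEFORE = json.loads("""
{"name": "WebApp1", "httpsOnly": false, "clientCertEnabled": false,
 "clientCertMode": "Required", "clientCertExclusionPaths": null}
""")
# The same app with HTTPS Only on and client certificates required.
AFTER = dict(BEFORE, httpsOnly=True, clientCertEnabled=True)


def audit_mtls(site):
    """Return the reasons this app does not enforce client certificates."""
    findings = []
    if not site.get("httpsOnly"):
        findings.append("httpsOnly=false: HTTP requests reach the app "
                        "and carry no client certificate")
    if not site.get("clientCertEnabled"):
        findings.append("clientCertEnabled=false: client certificates are ignored")
    elif site.get("clientCertMode") != "Required":
        findings.append("clientCertMode=%s: certificate is accepted, not required"
                        % site.get("clientCertMode"))
    # Exclusion paths are a comma-separated string of paths that skip the check.
    raw_paths = site.get("clientCertExclusionPaths") or ""
    excluded = [p.strip() for p in raw_paths.split(",") if p.strip()]
    if excluded:
        findings.append("paths exempt from client certificates: "
                        + ", ".join(excluded))
    return findings


if __name__ == "__main__":
    for label, site in (("before", BEFORE), ("after", AFTER)):
        problems = audit_mtls(site)
        print(label, "->", problems if problems else "mutual TLS enforced")
```

An empty result means every request must arrive over HTTPS with a client certificate; the app still has to validate which certificates it trusts.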