ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 78 discussion

Actual exam question from Microsoft's AZ-104
Question #: 78
Topic #: 5
[All AZ-104 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load
Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a priority of 64999.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by omw2wealth at Sept. 28, 2021, 1:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Zarzi
Highly Voted 3 years, 7 months ago
i'm not a robot
upvoted 45 times
...
GBAU
Highly Voted 2 years, 4 months ago
Selected Answer: B
Answer B (No) When an Azure Load Balancer get created, it will probe backend to detect if the backend service is healthy or not, the probe packet is sent from source address "AzureLoadBalancer", the IP address of "AzureLoadBalancer" is always 168.63.129.16. https://msazure.club/addendum-of-azure-load-balancer-and-nsg-rules/ What is happening here is the LB Health Probe of TCP 443 to VM1 & VM2 are getting blocked by Rule 200 so it thinks both VM1 and VM2 are down. Hence App1 is failing as the LB won't direct any 443 traffic anywhere as it considers all Hosts are down. Make a new rule above 200 or move rule 65001 up to <200, so the Health Probe will start working again, it will find a health host and start to direct 443 traffic from 131.107.100.50 to it. App1 is alive!
upvoted 27 times
Student2023
2 years, 2 months ago
For this question (and other questions with similar context) this is the first time the explanation made total sense. Thank you!
upvoted 3 times
...
...
[Removed]
Most Recent 7 months, 3 weeks ago
Selected Answer: B
B is correct You create an inbound security rule that allows any traffic from the AzureLoadBalancer source and has a priority of 150.
upvoted 1 times
...
aikooo
1 year, 2 months ago
I think answer is B
upvoted 1 times
...
Zuurpruim
1 year, 9 months ago
Selected Answer: B
"Attach Network Interface" is not greyed out which means the VM is powered off. That is the reason it's not working.
upvoted 2 times
conip
1 year, 8 months ago
I think sticking to the reason of greyed out "attach button" is misleading. APP is on VM1 and VM2 - even if VM2 is shutdown it should still be served by VM1 - they do share NSG as its attached to subnet so we still need to focus on NSG logic
upvoted 2 times
...
...
[Removed]
2 years, 5 months ago
still on test
upvoted 3 times
...
klexams
2 years, 7 months ago
Selected Answer: B
as rule 200 will still block port 443.
upvoted 2 times
klexams
2 years, 7 months ago
and we want to allow traffic from 131.107.100.50 over TCP port 443, not deny it.
upvoted 1 times
...
...
tahirMScert
2 years, 8 months ago
this was on exam 03oct2022 , I scored 870 and answered as Examtopics answer
upvoted 3 times
...
EmnCours
2 years, 9 months ago
Selected Answer: B
Correct Answer: B
upvoted 1 times
...
ajayasa
3 years, 2 months ago
this question was there on 16/03/2022 with same question and passed with 900 percent
upvoted 1 times
...
theorut
3 years, 3 months ago
You need to start the VM - check Attach Network which is available. This happens only when VM is turned off.
upvoted 7 times
...
JJoh
3 years, 4 months ago
The screen cap already work, you do not need to do anythings
upvoted 1 times
...
hberesford
3 years, 5 months ago
you need to change the priority of the inbound rule
upvoted 2 times
hberesford
3 years, 5 months ago
I mean the priority should not be 6995
upvoted 1 times
hberesford
3 years, 5 months ago
64999 it should be 150
upvoted 2 times
...
...
...
SK_2_SK
3 years, 6 months ago
Answer is No. You need to start VM.
upvoted 3 times
...
im82
3 years, 6 months ago
Was on exam today 19.11.2021. Passed with 920. Correct answer: B
upvoted 11 times
...
omw2wealth
3 years, 8 months ago
Answer is correct : No.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel