ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-300 All Questions

View all questions & answers for the AZ-300 exam
Go to Exam

Exam AZ-300 topic 1 question 63 discussion

Actual exam question from Microsoft's AZ-300
Question #: 63
Topic #: 1
[All AZ-300 Questions]

SIMULATION -
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the "˜Next' button.
Note that you cannot return to the lab once you click the "˜Next' button. Scoring occur in the background while you complete the rest of the exam.

Overview -
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start the lab by clicking the Next button.
Another administrator reports that she is unable to configure a web app named corplod8548987n3 to prevent all connections from an IP address of 11.0.0.11.
You need to modify corplod8548987n3 to successfully prevent the connections from the IP address. The solution must minimize Azure-related costs.
What should you do from the Azure portal?

Show Suggested Answer Hide Answer
Suggested Answer: See explanation below.
Step 1:
Find and select application corplod8548987n3:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory.
2. In the Azure Active Directory blade, click Enterprise applications.
Step 2:
To add an IP restriction rule to your app, use the menu to open Network>IP Restrictions and click on Configure IP Restrictions

Step 3:

Click Add rule -
You can click on [+] Add to add a new IP restriction rule. Once you add a rule, it will become effective immediately.

Step 4:
Add name, IP address of 11.0.0.11, select Deny, and click Add Rule

References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions
by Oz at Oct. 22, 2019, 12:32 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ekramy_Elnaggar
Highly Voted 5 years, 6 months ago
App > Networking > Access Restrictions > Add Deny rule
upvoted 17 times
Myk
5 years, 4 months ago
Funny how the graphic now changes from IP restrictions(as shown in the original dump answer) to Access Restrictions. But yes you are correct that is now the current graphic.
upvoted 1 times
...
...
SilentH
Highly Voted 5 years, 4 months ago
After you add the Deny rule for 11.0.0.11 (rule 100), I believe you need to add another rule to allow all other IP address with a CIDR of 0.0.0.0/0. I made this second rule with a priority of 110.
upvoted 15 times
Happiman
5 years, 3 months ago
Very good point...!
upvoted 5 times
...
manhattan
5 years, 2 months ago
I don't think it is a firewall with implicit "deny all" rule at the end
upvoted 2 times
...
praveen97
4 years, 11 months ago
Very good point SilentH. Yes, we need to add 2 rules. one is to deny and other is to allow.
upvoted 1 times
...
Himanshu27
4 years, 9 months ago
this isn't working allow 0.0.0.0/0 seems to be overriding deny 11.0.0.11/32 rule. even this ip can hit the app url when 0.0.0.0/0 rule is added. when removed all ips are restricted.
upvoted 1 times
...
...
milind8451
Most Recent 5 years, 1 month ago
Go to APp service -> Networking -> Access restrictions -> "Add Rule" It needs IP address block (CIDR), so just mention IP address here, it will itself convert to 11.0.0.11/32.
upvoted 3 times
...
TYT
5 years, 2 months ago
Based on the new changes, you have to go to App Services, Go to the App, Networking, Access Restrictions: Add a rule to deny traffic from the specific IP address. You have to explicitly add a new rule to allow the traffic from other address by adding a "Allow All' rule at 0.0.0.0 as satgo (credits) mentioned (great point). Because when you add a deny rule, Azure will add one more rule by default with a priority of a huge number, so you have to add a Allow All rule with less priority.
upvoted 7 times
...
satgo
5 years, 2 months ago
https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#blocking-a-single-ip-address Need to add 0.0.0.0 AllowAll
upvoted 7 times
...
Protonenpaule
5 years, 3 months ago
https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#blocking-a-single-ip-address
upvoted 10 times
...
JatinA
5 years, 6 months ago
Just to add, when you add 11.0.0.11, it automatically converts it into 11.0.0.11/32 CIDR. Here, 32 means only one IP address.
upvoted 4 times
bhendi
5 years, 1 month ago
This is correct, I did it in lab.
upvoted 1 times
...
...
Cern77
5 years, 6 months ago
And ... here it is : "prevent all connections from an IP address of 11.0.0.11" Then, set a deny rule on the correspondent IP ...
upvoted 5 times
...
Oz
5 years, 8 months ago
Step 1. From Azure portal, type App Services. Find web app name and click on it. Step2. Scroll down to Networking from the menu to the left.
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel