ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 4 question 15 discussion

Actual exam question from Microsoft's SC-100
Question #: 15
Topic #: 4
[All SC-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions based on HTTP headers that have the Front Door ID.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by BillyB2022 at Sept. 2, 2022, 8:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lummer
Highly Voted 2 years, 9 months ago
Answer is correct: A. Azure Front Door is a globally distributed multi-tenant service. So, the infrastructure for Front Door is shared across all its customers. to ensure that your specific tenant is sending the data you need a HTTP Header with the ID of your Frontdoor tenant. The service tag alone will allow any frontdoor tenant to contact your web app.
upvoted 15 times
...
Granwizzard
Highly Voted 2 years, 9 months ago
Selected Answer: A
We can use both Service Tags or headers with the FDID. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access-to-my-backend-to-only-azure-front-door-
upvoted 10 times
ariania
9 months ago
According to the Azure Front Door documentation, to lock down access to your backend (such as an Azure App Service web app) to only allow traffic from Front Door, you should configure your backend to only accept traffic with a specific header. Azure Front Door sends a special header (X-Azure-FDID) that identifies the request as originating from Azure Front Door. While service tags can restrict traffic based on IP ranges, using HTTP headers with the Front Door ID is the recommended approach because Front Door uses dynamic IPs that may change, making IP-based restrictions less reliable. The HTTP header provides a more consistent and reliable way to ensure that only traffic routed through Front Door is allowed
upvoted 1 times
...
...
Lucone53
Most Recent 1 year, 3 months ago
Answer: A
upvoted 1 times
...
Murtuza
1 year, 5 months ago
Selected Answer: A
Answer is correct: A.
upvoted 1 times
...
zellck
2 years ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/app-service/overview-access-restrictions#restrict-access-to-a-specific-azure-front-door-instance Traffic from Azure Front Door to your application originates from a well known set of IP ranges defined in the AzureFrontDoor.Backend service tag. Using a service tag restriction rule, you can restrict traffic to only originate from Azure Front Door. To ensure traffic only originates from your specific instance, you need to further filter the incoming requests based on the unique http header that Azure Front Door sends called X-Azure-FDID. You can find the Front Door ID in the portal.
upvoted 1 times
...
dc2k79
2 years, 5 months ago
A is correct. Both Network Service Tags and specialized HTTP Headers are used.
upvoted 1 times
...
rad9899
2 years, 7 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
JakeCallham
2 years, 7 months ago
Selected Answer: A
Guys, Http header AND service tags are correct. This is a situation where there are more than one solutions. https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access-to-my-backend-to-only-azure-front-door-
upvoted 3 times
Ajdlfasudfo0
2 years, 3 months ago
well actually no: you have to combine both solutions, like stated in the ms doc
upvoted 1 times
...
...
darren888
2 years, 8 months ago
Correct answer is A To ensure traffic only originates from your specific instance, you will need to further filter the incoming requests based on the unique http header that Azure Front Door sends.more granular than service tags alone which is what the Azure app service requires.more secure agree with Lummer
upvoted 5 times
...
BillyB2022
2 years, 9 months ago
Selected Answer: B
Service tag
upvoted 6 times
JakeCallham
2 years, 7 months ago
Http header AND service tags are correct. This is a situation where there are more than one solutions. https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access-to-my-backend-to-only-azure-front-door-
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel