ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-301 All Questions

View all questions & answers for the AZ-301 exam
Go to Exam

Exam AZ-301 topic 6 question 6 discussion

Actual exam question from Microsoft's AZ-301
Question #: 6
Topic #: 6
[All AZ-301 Questions]

DRAG DROP -
Your company has users who work remotely from laptops.
You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based certification authority (CA).
You need to recommend which certificates are required for the deployment.
What should you include in the recommendation? To answer, drag the appropriate certificates to the correct targets. Each certificate may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
by sunnyetnow at Nov. 28, 2019, 10:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 4 years, 11 months ago
Trusted Root Certification Authorities certificate store on each laptop: => A root CA certificate that has the public key only. You never want to store the private key of the root CA on any client devices. The users' personal store on each laptop: => A user certificate that has the private key. This is required so the VPN client can sign its messages using the private key. The same certificate can be used for multiple clients, though I would not recommend to do this. The Azure VPN gateway: => A root CA certificate that has the public key only. This is required so that the Azure VPN Gateway can authenticate clients that have installed a client certificate generated from the trusted root certificate.
upvoted 27 times
...
JohnAvlakiotis
Highly Voted 5 years, 4 months ago
"Certificates are used by Azure to authenticate clients connecting to a VNet over a Point-to-Site VPN connection. Once you obtain a root certificate, you upload the public key information to Azure. The root certificate is then considered 'trusted' by Azure for connection over P2S to the virtual network. You also generate client certificates from the trusted root certificate, and then install them on each client computer. The client certificate is used to authenticate the client when it initiates a connection to the VNet." https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal Answers are correct.
upvoted 9 times
...
glam
Most Recent 4 years, 4 months ago
given answer is correct.
upvoted 1 times
...
milind8451
4 years, 5 months ago
Right answer
upvoted 1 times
...
sanketshah
4 years, 5 months ago
given answer is correct.
upvoted 1 times
...
Rajuuu
5 years, 2 months ago
Answer is correct..
upvoted 8 times
...
Protonenpaule
5 years, 2 months ago
Answers are correct according to https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#uploadfile
upvoted 2 times
...
MeasService
5 years, 2 months ago
I am not convinced with the aswer. First block should be "A root CA certificate that has public key". Second block is correct. Third block should be " A root CA that has private key". Why should I store private key on each client pc ??
upvoted 1 times
MeasService
5 years, 2 months ago
Kindly ignore my previous reply. The given answer looks correct and not mine!
upvoted 1 times
...
...
Yoos
5 years, 4 months ago
if you store your Root Certificate with his private key, that will be a big risk to compromise your PKI.
upvoted 3 times
...
DigitalJones
5 years, 5 months ago
Certificates only have public keys in it, not private keys
upvoted 5 times
examamos
5 years, 4 months ago
In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA), answers are correct.
upvoted 6 times
...
...
tes
5 years, 6 months ago
By default, the Trusted Root Certification Authorities certificate store is configured with a set of public CAs that has met the requirements of the Microsoft Root Certificate Program. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/trusted-root-certification-authorities-certificate-store
upvoted 2 times
...
sunnyetnow
5 years, 7 months ago
The answer should be root certificate with private key As per microsoft documentation The name of the Trusted Root Certification Authorities certificate store is root. You can manually install the root certificate of a private CA into the Trusted Root Certification Authorities certificate store on a computer by using the CertMgr tool. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/trusted-root-certification-authorities-certificate-store
upvoted 1 times
Famous_Guy
5 years, 2 months ago
Given Answer is correct. I tested in Lab
upvoted 13 times
tartar
4 years, 9 months ago
Root Private Root
upvoted 3 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel