ExamTopics Logo
Mail Us[email protected]
Menu
Apics Discussions
exam questions

Exam CSCP All Questions

View all questions & answers for the CSCP exam
Go to Exam

Exam AZ-700 topic 4 question 8 discussion

Actual exam question from APICS's CSCP
Question #: 8
Topic #: 1
[All CSCP Questions]

You have an Azure subscription that contains the following resources:
✑ A virtual network named Vnet1
✑ Two subnets named subnet1 and AzureFirewallSubnet
✑ A public Azure Firewall named FW1
✑ A route table named RT1 that is associated to Subnet1
✑ A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?

  • A. On FW1, create an outbound service tag rule for AzureCloud.
  • B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
  • C. Deploy a NAT gateway.
  • D. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Bharat at Oct. 13, 2021, 1:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
voldemort123
Highly Voted 10 months, 2 weeks ago
I will remember this answer even if i want to forget
upvoted 13 times
...
srs27
Highly Voted 2 years, 8 months ago
This is correct. When you use Force tunneling, then for Windows activation traffic should be allowed for Azure KMS Servers. Either the way mentioned in Option B or you add UDR to point Internet for KMS outbound traffic.
upvoted 5 times
Grafting
2 years, 7 months ago
where does it mention force tuneling?
upvoted 1 times
hendylaja
2 years, 4 months ago
If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet
upvoted 2 times
jellybiscuit
1 year, 10 months ago
I see you learned something from the previous question ;)
upvoted 3 times
[Removed]
1 year, 7 months ago
Incorrect, there would be 2 FW subnets, one regular one and the second which is management one.
upvoted 1 times
...
...
...
...
...
deka_peace
Most Recent 2 weeks, 4 days ago
Selected Answer: B
It better be in the exam.... appearing a lot
upvoted 1 times
...
Henryjb3
6 months, 3 weeks ago
I thought we left this question in Topic 3.
upvoted 3 times
...
MrBlueSky
1 year, 4 months ago
Careful, there may be a slightly different worded version of this on the actual exam.
upvoted 2 times
...
Skankhunt
1 year, 6 months ago
Déjà vu ^_^
upvoted 4 times
...
Alessandro365
1 year, 11 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
unclegrandfather
2 years, 1 month ago
Appeared on exam Jun/28/22
upvoted 1 times
...
kinder2
2 years, 2 months ago
Selected Answer: B
the answer "B" is correct. you should have this rule { "ruleType": "NetworkRule", "name": "azure-to-kms", "ipProtocols": ["TCP"], "sourceAddresses": [ "[parameters('envParameters').firewall.properties.baseNetworkPrefix]" ], "sourceIpGroups": [], "destinationAddresses": ["23.102.135.246"], "destinationIpGroups": [], "destinationFqdns": [], "destinationPorts": ["1688"] }
upvoted 4 times
...
wsrudmen
2 years, 3 months ago
Selected Answer: B
Correct! Azure VM activation issues occur if the Windows VM is not configured by using the appropriate KMS client setup key, or the Windows VM has a connectivity problem to the Azure KMS service. This link is better: https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems
upvoted 2 times
...
rockethack
2 years, 6 months ago
This question was on the exam on 18th Feb 2022.
upvoted 1 times
...
Kimimoto
2 years, 6 months ago
Appeared in exam on 11/Feb/2022
upvoted 1 times
...
Contactfornitish
2 years, 7 months ago
Appeared in exam on 17/01/2022
upvoted 1 times
...
Pravda
2 years, 8 months ago
KMS is the correct answer.
upvoted 3 times
...
Bharat
2 years, 10 months ago
Based on the linked article, it should be D not B, i.e., o Subnet1, associate a network security group (NSG) that allows outbound access to port 1688. Becase the Key Management Service Port is 1688.
upvoted 4 times
Bharat
2 years, 10 months ago
Apologies. The provided answer is correct upon reading the article carefully.
upvoted 9 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago