Exam SC-100 topic 3 question 56 discussion

Actual exam question from Microsoft's SC-100
Question #: 56
Topic #: 3

Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corp.contoso.com and an AD DS-integrated application named App1.

Your perimeter network contains a server named Server1 that runs Windows Server.

You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.

You plan to implement a security solution that will include the following configurations:
• Manage access to App1 by using Microsoft Entra Private Access.
• Deploy a Microsoft Entra application proxy connector to Server1.
• Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.
• For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:
  o Rule1: Allow TCP 443 inbound from a designated set of Azure URLs
  o Rule2: Allow TCP 443 outbound to a designated set of Azure URLs
  o Rule3: Allow TCP 80 outbound to a designated set of Azure URLs
  o Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com

You need to maximize security for the planned implementation. The solution must minimize the impact on the connector.

Which rule should you remove?

  • A. Rule1
  • B. Rule2
  • C. Rule3
  • D. Rule4
Suggested Answer: A

Comments

francescoc
3 days, 13 hours ago
Selected Answer: C
HTTP (TCP 80) is unencrypted and inherently less secure than HTTPS (TCP 443).
upvoted 1 times
...
424ede1
3 weeks ago
Selected Answer: A
In application proxy, ALL ACCESS IS OUTBOUND. The private network connectors only use outbound connections to the application proxy service in the cloud over ports 80 and 443. With no inbound connections, there's no need to open firewall ports for incoming connection. This strategy means that your backend servers are not exposed to direct HTTP traffic. They are better protected against targeted DoS because your firewall isn't under attack. https://learn.microsoft.com/en-us/entra/identity/app-proxy/overview-what-is-app-proxy#security-benefits
upvoted 2 times
...
Lrrr_FromOmicronPersei8
1 month, 2 weeks ago
Selected Answer: A
Remove Rule1, Entra ID Application Proxy relies on outbound-only connectivity.
upvoted 2 times
...
Ali96
1 month, 3 weeks ago
Selected Answer: C
Since Rule3 (TCP 80 outbound) is less secure compared to other rules, it should be removed to maximize security without significantly impacting the connector, assuming the connector can still operate without the need for HTTP (TCP 80) traffic
upvoted 2 times
424ede1
3 weeks ago
Wrong! Rule 3 uses these URLs to verify certificates. Check this out: https://learn.microsoft.com/en-us/entra/identity/app-proxy/application-proxy-configure-connectors-with-proxy-servers#proxy-outbound-rules
upvoted 1 times
...
Lrrr_FromOmicronPersei8
1 month, 2 weeks ago
TCP 80 is needed for checking certificate CRLs in order to establish TLS.
upvoted 2 times
...
...
Er_01
2 months, 2 weeks ago
Selected Answer: C
https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-connectors The question is unclear what “maximize security” means as the doc says you need both 80/443 out. If it means allowing PKI to work, C is correct. A is wrong because inbound is not referenced at all. B can be correct as 443 out allows this to work using CA/GSA to work meeting goal. D is wrong because Kerberos needs 88 to the DC, in addition to 389. All told, a terrible question.
upvoted 3 times
...
Lrrr_FromOmicronPersei8
2 months, 2 weeks ago
Selected Answer: A
Remove Rule1. Entra Application Proxy requires no inbound connectivity.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
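
The comments above turn on which direction each rule covers: the connector is described as using outbound connections over ports 80 and 443 only. The following PowerShell is an added example, not part of the original question or any comment, that audits a connector host's Windows Defender Firewall for enabled allow rules by direction and TCP port. It assumes an elevated session on the connector server; the function name `Get-TcpAllowRule` is hypothetical.

```powershell
# Added example: list enabled allow rules for a given direction and TCP port.
# Assumption: run in an elevated session on the connector host (Server1 in the question).
# Limitation: port ranges such as "400-500" and rules with protocol "Any" are not evaluated.
function Get-TcpAllowRule {
    param(
        [Parameter(Mandatory)][ValidateSet('Inbound', 'Outbound')][string]$Direction,
        [Parameter(Mandatory)][int]$Port
    )
    Get-NetFirewallRule -Direction $Direction -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $portFilter = $rule | Get-NetFirewallPortFilter
            if ($portFilter.Protocol -ne 'TCP') { return }
            # Inbound rules match on the local port, outbound rules on the remote port.
            $ports = if ($Direction -eq 'Inbound') { $portFilter.LocalPort }
                     else { $portFilter.RemotePort }
            # "Any" covers every port, so it also permits the port being audited.
            if (($ports -contains "$Port") -or ($ports -contains 'Any')) {
                $addr = $rule | Get-NetFirewallAddressFilter
                [pscustomobject]@{
                    Name          = $rule.DisplayName
                    Direction     = $Direction
                    Port          = $Port
                    MatchedPorts  = $ports -join ','
                    RemoteAddress = $addr.RemoteAddress -join ','
                }
            }
        }
}

# Inbound allow rules reaching TCP 443 (the shape of Rule1): candidates for removal
# if the connector is the only workload on the host.
$inbound = Get-TcpAllowRule -Direction Inbound -Port 443

# Outbound allow rules for TCP 80 and 443 (the shape of Rule3 and Rule2).
$outbound = 80, 443 | ForEach-Object { Get-TcpAllowRule -Direction Outbound -Port $_ }

'Inbound allow rules covering TCP 443:'
$inbound | Format-Table -AutoSize
'Outbound allow rules covering TCP 80/443:'
$outbound | Format-Table -AutoSize

# Explicit outbound allow rules only matter when the profile default blocks outbound.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction
```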