Exam AZ-500 topic 3 question 49 discussion

Upvote here if you was shocked the correct answer is not D (I know if you actually have read the document it's B)

https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate Private certificate requirements: Azure Web Apps does not support AES256 and all pfx files should be encrypted with TripleDES.

https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Crbac%2Cazure-cli#:~:text=from%20the%20internet.-,Private%20certificate%20requirements,custom%20domain%20in%20a%20TLS%20binding%2C%20the%20certificate%20must%20meet%20these,-additional%20requirements%3A

To enable HTTPS for the Azure web app, you should first export the private key from the on-premises server and save the key as a PFX file. This is because the private key is required to establish the secure connection. The encryption method can be either TripleDES or AES256, but AES256 is more secure. So, the correct answer is D. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using AES256. After that, you can upload this PFX file to your Azure Web App.

OpenSSL v3 changed default cipher from 3DES to AES256, but this can be overridden on the command line -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg SHA1. OpenSSL v1 uses 3DES as default, so the PFX files generated are supported without any special modifications.

B. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using TripleDES.

Private certificate requirements The free App Service managed certificate and the App Service certificate already satisfy the requirements of App Service. If you choose to upload or import a private certificate to App Service, your certificate must meet the following requirements: Exported as a password-protected PFX file, encrypted using triple DES. https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex

Very surprised about this answer. I picked AES256 as well. The answer is right, listed in the documentation. B

Letter D. When migrating a web app to Azure and continuing to use the same URL with HTTPS (https://www.contoso.com), you will need to configure an SSL certificate for the Azure web app. To do this, you need to export the private key from the on-premises server, create a PFX file containing the private key and the associated public key (certificate), and ensure that it's encrypted using a strong encryption algorithm like AES256. Once you have the PFX file with the private key and certificate, you can upload and configure the SSL certificate in the Azure web app to enable HTTPS for the domain.

TripleDES all day.

Yes, Microsoft Azure supports AES-256 encryption for securing data at rest. Azure provides various services that can be used to build web applications, and depending on the specific service you are using, AES-256 encryption can be implemented. For example, if you are using Azure App Service to host your web application, you can enable Azure Storage Service Encryption (SSE) for the underlying storage account. SSE automatically encrypts data at rest using AES-256 encryption. Additionally, you can also implement client-side encryption within your web application to further secure sensitive data before storing it in Azure. It's worth noting that encryption is a multi-layered approach, and while AES-256 is a strong encryption algorithm, it's important to consider other security measures such as access controls, network security, and secure coding practices to ensure a comprehensive security posture for your web application.

"OpenSSL v3 creates certificate serials with 20 octets (40 chars) as the X.509 specification allows. Currently only 10 octets (20 chars) is supported when uploading certificate PFX files. OpenSSL v3 also changed default cipher from 3DES to AES256, but this can be overridden on the command line. OpenSSL v1 uses 3DES as default and only uses 8 octets (16 chars) in the serial, so the PFX files generated are supported without any special modifications." Correct Answer for me is D

Reference https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal#private-certificate-requirements

B is the answer. https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal#private-certificate-requirements If you choose to upload or import a private certificate to App Service, your certificate must meet the following requirements: - Exported as a password-protected PFX file, encrypted using triple DES.

Selected Answer: B Exported as a password-protected PFX file, encrypted using triple DES.

It is still triple DES Exported as a password-protected PFX file, encrypted using triple DES. Contains private key at least 2048 bits long Contains all intermediate certificates and the root certificate in the certificate chain. https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal#private-certificate-requirements

Correction. B. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using TripleDES. In official documentation only triple DES encryption is supported : https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal