HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Suggested Answer:
Box 1: No - Azure firewall does not encrypt network traffic. It is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol.
Box 2: No - A network security group does not encrypt network traffic. It works in a similar way to a firewall in that it is used to block or allow traffic based on source/ destination IP address, source/destination ports and protocol.
Box 3: No - The question is rather vague as it would depend on the configuration of the host on the Internet. Windows Server does come with a VPN client and it also supports other encryption methods such IPSec encryption or SSL/TLS so it could encrypt the traffic if the Internet host was configured to require or accept the encryption. However, the VM could not encrypt the traffic to an Internet host that is not configured to require the encryption. Reference: https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices#protect-data-in-transit
You don't need a VPN to encrypt traffic.
Install an SQL Server and configure TLS connections and you have encrypted traffic.
Install an IIS web server (in windows features, anyone can have it) and configure HTTPS bindings and you have encrypted traffic. You can also deny HTTP traffic in IIS and allow only the HTTPS encrypted connections.
Umm actually, by default it does send data encrypted to the internet. What is going to be one of the first things you do when you stand up a VM? Go to the internet. Let's say you stood up the VM and decided to upload files to OneDrive using a browser. What protocol is that browser going to leverage? That's right SSL with some form of TLS encrypting the data. This should be yes.
Windows CAN encrypt data, which is all that is being asked for.
In matters like this where the correct answer is ambiguous, I'm inclined to go with the one that makes Microsoft look good.
Any (modern) web server installed on a Windows server 2016 could use TLS (or HTTPS bindings) - because that's how a good web server should be (and a common feature too).
SSL and TLS, SFTP. Windows can't just start offloading data arbitrarily. There needs to be a defined set of processes and procedure to do that. In which case you as the admin makes the decision.
Box 3 is also "NO".
You cannot encrypt ALL kind of traffic from Azure VMs sent to the Internet!
You can only encrypt traffic between two TRUSTED endpoints. Obviously the Internet isn't the trusted endpoint. In order to make it work, the use of a VPN gateway is required, and then the traffic can be encrypted "over" the public connection - Internet, between Azure VMs/vNets and the trusted on-premises locations.
"You can use an Azure VPN gateway to send encrypted traffic between your virtual network and your on-premises location across a public connection, or to send traffic between virtual networks." References: https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
There is no VPN gateway required. This is simply asking about enrypting network traffic which pretty much every webserver in existance is able to do, whether its based on the internet or internal network communications.
The two endpoints don't necessarily have to trust each other. Its usually one-sided unless with the server needing to prove its trustworthy, unless there is client cert authentication too. All that needs to happen is that a server presents a public cert on the initial client connection and the client decides whether or not to trust the server during the TLS handshake. This depends on details on the cert such as the CA and available ciphers they agree upon.
Once the TLS handshake is completed and both sides have the the symmetric keys then the server begins encrypting data and sending it out over the network for the client to decrypt and vice versa.
Can an azure VM that runs windows server 2016 encrypt network traffic? The answer is definitely Yes, or microsoft would be going quickly out of business.
Azure Firewall will encrypt all the network traffic sent from Azure to the Internet. 🚫 No, Azure Firewall itself does not encrypt network traffic. It provides security by filtering and monitoring traffic, but encryption must be handled by other services, such as SSL/TLS.
A network security group (NSG) will encrypt all the network traffic sent from Azure to the Internet. 🚫 No, NSGs do not encrypt network traffic. They control inbound and outbound traffic rules at the network level but do not provide encryption.
Azure virtual machines that run Windows Server 2016 can encrypt network traffic sent to the Internet. ✅ Yes, Azure virtual machines running Windows Server 2016 can encrypt network traffic sent to the Internet using protocols like SSL/TLS for secure communication.
o None of them encrypts traffic. Traffic encryption is done by VPN or expresse route gateway for secure communication between virtual networks or between on-premise and virtual networks.
By default, Windows Server 2016 does not automatically encrypt traffic sent to or received from the Internet. For example, HTTP traffic is not encrypted by default; it needs to be explicitly configured to use HTTPS.
No. Azure Firewall does not encrypt network traffic, it provides network-level protection by filtering inbound and outbound traffic based on rules.
No. A Network Security Group (NSG) also does not encrypt network traffic. It simply controls access by permitting or denying network traffic to resources connected to Azure Virtual Networks (VNet).
Yes. Azure VMs that run Windows Server 2016 can encrypt network traffic sent to the internet, but this would be dependent on the application or service running on the VM implementing encryption, such as using HTTPS for web traffic. It's not a feature of the VM or the operating system itself.
According to https://azure.microsoft.com/en-us/products/azure-firewall/ it says ,
Azure Firewall decrypts outbound traffic, performs required security checks, and then encrypts the traffic to the destination.
It means that Azure Firewall does encryption for outbound traffic.
No Azure Firewall doesn't encrypt or decrypt traffic inbound or outbound. If you are sending a traffic with HTTPS, how will Firewall know what is the destination as the hostname headers are encrypted. So it just decap the packet to find the Hostheader and then check that against the network and application rule and allow/deny the request.
see - https://learn.microsoft.com/en-us/answers/questions/1141553/does-azure-firewall-encrypt-all-the-network-traffi
https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview#in-transit-encryption-in-azure-virtual-machines
By using SMB 3.0 in VMs that are running Windows Server 2012 or later, you can make data transfers secure by encrypting data in transit over Azure Virtual Networks. By encrypting data, you help protect against tampering and eavesdropping attacks.
Because of this, I think 3 should be YES
NO
NO
YES - Azure virtual machines that run Windows Server 2016 ***can*** encrypt the network traffic sent from the virtual machies to a host on the Internet.
Notice "can", given that Windows Server 2016 can be configured to do so
This section is not available anymore. Please use the main Exam Page.AZ-900 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Salilgen
Highly Voted 4 years, 2 months agothebadfella
3 years, 8 months agoalexandru_chirita
3 years, 6 months agowolfobi
3 years, 3 months agolovecloud2
3 years, 4 months agoExamTopicsAdmin1
2 years, 9 months agoHibin
3 years, 8 months agowerbinich
4 years, 1 month ago[Removed]
3 years, 7 months agoSimonR2
4 years agoCis
3 years, 11 months agoalexandru_chirita
3 years, 6 months agoExamTopicsAdmin1
2 years, 9 months agohercu
Highly Voted 4 years, 1 month agoSimonR2
4 years agobytoki
3 years, 10 months agoMozbius_
3 years, 4 months agoWazery
Most Recent 2 months agoRupom8547
5 months, 2 weeks agoNoursBear
7 months, 3 weeks ago126e81f
8 months, 2 weeks agoe3ddceb
9 months, 3 weeks agocristianosilva
1 year, 8 months agovarads6
1 year, 11 months agob_script
2 years, 1 month agoSK_CODER
2 years, 4 months agoFosnefes
2 years, 2 months agoFosnefes
2 years, 2 months agoShamwowguy
2 years, 6 months agoRestlessMonkey
2 years, 6 months agomcam818
2 years, 7 months ago_your__fear_
2 years, 9 months agoXP_2600
2 years, 10 months agomehasi
3 years ago