ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 59 discussion

Actual exam question from Microsoft's AZ-104
Question #: 59
Topic #: 5
[All AZ-104 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load
Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.

You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Dalias at May 7, 2021, 1:49 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mlantonis
Highly Voted 3 years, 9 months ago
Correct Answer: B - No Allow_131.107.100.50 rule has a higher priority (100). The issue is not related with the priority of the rule.
upvoted 41 times
...
Dalias
Highly Voted 3 years, 10 months ago
Answer is correct. Current rule is already at the highest priority.. i hope such questions appear in the exams to take away some of the stress.
upvoted 18 times
...
Elsayed2030
Most Recent 2 months, 1 week ago
Selected Answer: B
The machine is switched off - look at the "attach network interface" at the top of the pic
upvoted 1 times
...
[Removed]
4 months, 1 week ago
Selected Answer: B
B is correct
upvoted 1 times
...
tashakori
11 months, 2 weeks ago
No is right
upvoted 1 times
...
tashakori
11 months, 2 weeks ago
No is right
upvoted 1 times
...
jhodax
1 year ago
Selected Answer: B
Answer B (No) When an Azure Load Balancer get created, it will probe backend to detect if the backend service is healthy or not, the probe packet is sent from source address "AzureLoadBalancer", the IP address of "AzureLoadBalancer" is always 168.63.129.16. https://msazure.club/addendum-of-azure-load-balancer-and-nsg-rules/ What is happening here is the LB Health Probe of TCP 443 to VM1 & VM2 are getting blocked by Rule 200 so it thinks both VM1 and VM2 are down. Hence App1 is failing as the LB won't direct any 443 traffic anywhere as it considers all Hosts are down. Make a new rule above 200 or move rule 65001 up to <200, so the Health Probe will start working again, it will find a health host and start to direct 443 traffic from 131.107.100.50 to it. App1 is alive!
upvoted 1 times
f1fa59b
2 months, 1 week ago
This appears to be a fake bot answer which has been posted by the same account in question #58 but answering as A: yes.
upvoted 1 times
...
...
sakibmas
1 year, 6 months ago
Selected Answer: B
create an inbound security rule that allows any traffic from the AzureLoadBalancer source and has a cost of 150.
upvoted 2 times
josola
1 year, 3 months ago
That won't solve the issue because the current NSG rule has the higher priority
upvoted 1 times
alexandrud
1 year, 2 months ago
Actually this adding the inbound rule that allows any traffic from the AzureLoadBalancer source and has the cost of 150 may resolve the issue. This Question was in my exam today and I specifically looked at the "Attach network interface" button and it was grayed out (not enabled like in this screenshot).
upvoted 2 times
...
...
...
Liriano
2 years, 4 months ago
In exam today, go with highly voted
upvoted 1 times
mung
2 years, 3 months ago
Stop commenting like that dude.. Most Highly voted answers are still wrong on ET.
upvoted 3 times
...
...
kf01234
2 years, 4 months ago
Selected Answer: A
Delete 200 makes 65501 workable
upvoted 2 times
chikorita
2 years ago
no dude
upvoted 2 times
...
...
reagan3698
2 years, 4 months ago
Selected Answer: B
Just checked in Azure. The Attach Network Interface icon is lit, this means the VM is powered off.
upvoted 6 times
JoshuaAlkar
2 years, 2 months ago
It's mentioned in previous discussion, Its clear that VM is powered off
upvoted 1 times
garmatey
1 year, 10 months ago
why are you upset it is being mentioned here as well?
upvoted 1 times
...
...
...
EmnCours
2 years, 6 months ago
Selected Answer: B
Correct Answer: B
upvoted 1 times
...
EleChie
2 years, 8 months ago
Correct Answer is B: But the solution is - After considering the issue a bit more I've realized that AllowAzureLoadBalancerInBound security rule only applies to the traffic originated by the Load Balancer - health probes, etc. So rule 200 is blocking the LB Probe traffic which in its turn let LB knows that VM2 (or pool members) is alive/working and hence deleting this rule will solve the issue.
upvoted 1 times
...
suryamk
2 years, 8 months ago
rule name allow_131.107.100.50 has to be updated the destination to “any” will solve this issue>??
upvoted 1 times
...
szabi777
2 years, 11 months ago
The VM is turned off as the Attach network interface option is avalilable. The solution is to turn on the VM. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-vm#add-a-network-interface-to-an-existing-vm
upvoted 4 times
...
MrAzureGuru
3 years, 3 months ago
Beware that "You modify the priority" can also mean increasing the number, not just decreasing (as other questions usually demand you do).
upvoted 2 times
...
orion1024
3 years, 5 months ago
As observed by IHensch in the 2 previous questions, the VM is stopped ("Attach network interface" is enabled). So unless the VM is started nothing will change.
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago