Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-740 All Questions

View all questions & answers for the 70-740 exam
Go to Exam

Exam 70-740 topic 1 question 212 discussion

Actual exam question from Microsoft's 70-740
Question #: 212
Topic #: 1
[All 70-740 Questions]

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
A company named Contoso, Ltd. has several servers that run Windows Server 2016. Contoso has a Hyper-V environment that uses failover clustering and
Windows Server Update Services (WSUS). The environment contains several Windows containers and several virtual machines.
The WSUS deployment contains one upstream server that is located on the company's perimeter network and several downstream servers located on the internal network. A firewall separates the upstream server from the downstream servers.
You plan to deploy a human resources application to a new server named HRServer5. HRServer5 contains a FAT32-formatted data volume.
The CIO of Contoso identifies the following requirements for the company's IT department:
✑ Deploy a failover cluster to two new virtual machines.
✑ Store all application databases by using Encrypted File System (EFS).
✑ Ensure that each Windows container has a dedicated IP address assigned by a DHCP server.
✑ Produce a report that lists the processor time used by all of the processes on a server named Server1 for five hours.
✑ Encrypt all communication between the internal network and the perimeter network, including all WSUS communications.
✑ Automatically load balance the virtual machines hosted in the Hyper-V cluster when processor utilization exceeds 70 percent.
Which two actions should you perform to meet the encryption requirement for WSUS? Each correct answer presents part of the solution.

  • A. Require SSL on the Inventory virtual directory.
  • B. Require SSL on the ClientWebService virtual directory.
  • C. Create a firewall rule to allow TCP port 443.
  • D. Create a firewall rule to allow TCP port 8531.
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
References:
https://technet.microsoft.com/en-us/library/bb633246.aspx
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
by hkshado at Oct. 7, 2019, 11:03 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
rashad040
Highly Voted 5 years ago
answer B D
upvoted 8 times
...
Thermal
Highly Voted 4 years, 8 months ago
Whenever someone states an answer is wrong I often work through trying to disprove them and prove the answer here correct, more often than not I am successful (the amount of times people claim an answer is wrong and it isn't is pretty unreal. there are oftne mutliple answers and you can't just find an alternative that works as MS is looking for one specific answer;However, in this case all instances of this question on all sites are incorrect and their own reference material they list to justify the answer points to official Microsoft documents written back in 2011, WSUS 4.0 came in with Windows Server 2012R2 in 2012 and so did the new port number, so yes... answer is B and D (8531)
upvoted 5 times
...
Jahoor69
Most Recent 4 years ago
its port 8531 because its about server 2016 and thus WSUS 6.2 and later
upvoted 2 times
...
Dave_Holden
4 years ago
B and C are correct. 443 is used by WSUS to communicate over the internet. All other clients will also use 443 for SSL. 8531 is only used for WSUS to WSUS. The requirement is for internet and perimeter cases. https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus See section 2.1.1 Connection from the WSUS server to the Internet: "If there is a corporate firewall between WSUS and the Internet, you might have to configure that firewall to ensure WSUS can obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 443 for HTTPS protocol." Section 2.1.2. Connection between WSUS servers: "WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator" <<<< UPSTREAM and DOWNSTREAM SERVERS. This would only be the case if there was a WSUS server in the perimeter that needed to talk to a WSUS behind the perimeter, which is not the requirement. So NO port 8531 rule needed.
upvoted 3 times
Dave_Holden
3 years, 11 months ago
Ref for answer B as correct here: https://jackstromberg.com/2013/11/enabling-ssl-on-windows-server-update-services-wsus/ Step 6
upvoted 1 times
...
Dave_Holden
3 years, 11 months ago
I was wrong. B & D are correct. I should have read this with more attention. There is in fact a requirement to have the upstream and downstream servers talking over SSL. So a firewall rule on the perimeter firewall for port 8531 needs to be created. The WSUS deployment contains one upstream server that is located on the company's perimeter network and several downstream servers located on the internal network. A firewall separates the upstream server from the downstream servers. Encrypt all communication between the internal network and the perimeter network, including all WSUS communications.
upvoted 2 times
...
...
GoldenFox
4 years, 2 months ago
I think B+D https://forums.itpro.tv/topic/1952/confusing-wsus-and-encryption-test-prep-question-svr-2016/2
upvoted 1 times
...
TA77
4 years, 4 months ago
- Connection from the WSUS server to the Internet: "To obtain updates from Microsoft Update, the WSUS server uses port 443 for HTTPS protocol". - Connection between WSUS servers: "On WSUS 6.2 and later (at least Windows Server 2012 ), port 8530 for HTTP and 8531 for HTTPS are used". - Connection between clients (Windows Update Agent) and WSUS servers: "The default ports are the same as those specified in the preceding section Connection between WSUS servers, and the firewall on the WSUS server must also be configured to allow inbound traffic on these ports.". (8531/8530). Reference: https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus#:~:text=When%20you%20type%20the%20intranet,type%20http%3A%2F%2Fservername%3A8530.
upvoted 2 times
TA77
4 years, 4 months ago
The exact part inside the link page: https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus#:~:text=Connection%20from%20the%20WSUS%20server%20to%20the%20Internet
upvoted 1 times
...
...
popcar11
4 years, 6 months ago
On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS
upvoted 3 times
...
todorov
4 years, 7 months ago
If we read carefully it says: Encrypt ***all*** communication between the internal network and the perimeter network, including all WSUS communications. Would that 'all' justify port 443?
upvoted 1 times
mhassan
4 years, 7 months ago
https://docs.microsoft.com/en-us/previous-versions/system-center/configuration-manager-2007/bb632477%28v%3dtechnet.10%29
upvoted 1 times
...
alexnt
4 years, 5 months ago
The question here asks for WSUS, so I believe port 8531 is correct.
upvoted 1 times
...
Dave_Holden
3 years, 11 months ago
Almost... except the last requirement of the question itself is: Which two actions should you perform to meet the encryption requirement >>for WSUS?<<. So while other traffic might justify the thinking of 443 and also need to be set to meet the requirements for other traffic, the setting for WSUS by default in 2016 is 8531.
upvoted 1 times
...
...
panda
4 years, 8 months ago
The given link can't be retrieved by its title "How to Configure the WSUS Web Site to Use SSL". Instead it can be retrieved by its URL (*1). Why can't it be retrieved? If it isn't possible to retrieve using its title, I can't retrieve the link using keyword in the question. Can sombody tell me how to?
upvoted 1 times
panda
4 years, 8 months ago
(*1)https://docs.microsoft.com/en-us/previous-versions/system-center/configuration-manager-2007/bb633246(v=technet.10)?redirectedfrom=MSDN
upvoted 1 times
...
...
wandelbaard
4 years, 8 months ago
B and D See: https://jackstromberg.com/2013/11/enabling-ssl-on-windows-server-update-services-wsus/
upvoted 2 times
...
ve22
4 years, 9 months ago
Last month question..
upvoted 3 times
...
Aldrid
4 years, 11 months ago
Connection between clients (Windows Update Agent) and WSUS servers The default ports are the same as those specified in the preceding section Connection between WSUS servers For 2012+ port for HTTPS is 8531 B D
upvoted 3 times
...
coleman
5 years, 1 month ago
why is 443?
upvoted 2 times
hkshado
5 years, 1 month ago
it should be 8531
upvoted 4 times
...
...
hkshado
5 years, 1 month ago
I am not sure about answer B. But I quite sure answer C is wrong, it should be D instead of C. Communication of between WSUS <> WSUS and WSUS <> client (for WSUS 4.0 and above) uses port 8530 for non-SSL traffic and port 8531 for SSL encrypted traffic https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsusSince
upvoted 4 times
hkshado
5 years, 1 month ago
The link is dead, use this one https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator. By default, these ports are configured as follows: On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS On WSUS 6.2 and later (at least Windows Server 2012 ), port 8530 for HTTP and 8531 for HTTPS are used
upvoted 2 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel