Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam

Exam SC-100 topic 10 question 1 discussion

Actual exam question from Microsoft's SC-100
Question #: 1
Topic #: 11
[All SC-100 Questions]

HOTSPOT -
You are evaluating the security of ClaimsApp.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -

Box 2: Yes -
Users will connect to ClaimsApp by using a URL of https://claims.fabrikam.com.
Need certificate for HTTPS.

TLS/SSL certificates -
To enable the HTTPS protocol for securely delivering content on a Front Door custom domain, you must use a TLS/SSL certificate. You can choose to use a certificate that is managed by Azure Front Door or use your own certificate.

Box 3: Yes -
By default, Azure Front Door will respond to all user requests regardless of the location where the request is coming from. In some scenarios, you may want to restrict the access to your web application by countries/regions. The Web application firewall (WAF) service in Front Door enables you to define a policy using custom access rules for a specific path on your endpoint to either allow or block access from specified countries/regions.
Note: Requirements. Security Requirements
Fabrikam identifies the following security requirements:
ג€¢ Internet-accessible applications must prevent connections that originate in North Korea.
Reference:
https://techcommunity.microsoft.com/t5/azure-architecture-blog/permit-access-only-from-azure-front-door-to-azure-app-service-as/ba-p/2000173 https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https#tlsssl-certificates

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
emiliocb4
Highly Voted 2 years, 1 month ago
it's not clear why the first is NO since all the instances of ClaimsApp is on app services and can be protected by the FD1. for me is YES/YES/YES
upvoted 27 times
...
zellck
Highly Voted 1 year, 5 months ago
YYY is the answer. https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https#tlsssl-certificates To enable the HTTPS protocol for securely delivering content on a Front Door custom domain, you must use a TLS/SSL certificate. You can choose to use a certificate that is managed by Azure Front Door or use your own certificate.
upvoted 6 times
zellck
1 year, 5 months ago
https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering By default, Azure Front Door will respond to all user requests regardless of the location where the request is coming from. In some scenarios, you may want to restrict the access to your web application by countries/regions. The Web application firewall (WAF) service in Front Door enables you to define a policy using custom access rules for a specific path on your endpoint to either allow or block access from specified countries/regions.
upvoted 1 times
...
zellck
1 year, 5 months ago
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq#what-regions-is-the-service-available-in- Azure Front Door is a global service and isn't tied to any specific Azure region. The only location you need to specify while creating a Front Door is the resource group location, which is specifying where the metadata for the resource group gets stored. The Front Door profile itself is created as a global resource and the configuration is deployed globally to all edge locations.
upvoted 2 times
...
...
slobav
Most Recent 1 year, 1 month ago
No,Yes,Yes https://www.youtube.com/watch?v=r-P-2lGzPFQ&list=PLQ2ktTy9rklhzzkSEZvDZT4QSIVUQZD-Y&index=9 Question 114
upvoted 2 times
Ramye
10 months ago
no video with the video link
upvoted 2 times
...
...
Gurulee
1 year, 7 months ago
Focusing on this "ClaimsApp will be deployed to Azure App Service instances that connect to Vnet1 and Vnet2" and with those two Vnet's in different regions, which is supported by FD; my answer would be Yes/Yes/Yes
upvoted 2 times
...
Gurulee
1 year, 8 months ago
Front Door is non-regional and can be used across regions. Therefore, as noted in the case: "A virtual network named Vnet1 in the East US Azure region A virtual network named Vnet2 in the West Europe Azure region", and with ClaimsApp being deployed to both vNet's; I believe its YES to first item.
upvoted 1 times
...
OrangeSG
1 year, 9 months ago
For Box 1 I would choose Yes The question is whether 'FD1 can be used to protect all the instances of ClaimsApp.'. The requirement also mentioned 'ClaimsApp will be deployed to Azure App Service instances'. So the required scope of protection is only App Service instances, not Vnet1, Vnet2 and ClaimsDB. Azure Front Door with WAF able to protection layer 7 web application hosted in Azure App Service. Azure Web Application Firewall on Azure Front Door https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview
upvoted 2 times
...
darren888
2 years, 2 months ago
Q1, FD1 be used to protect all the instances of ClaimsApp. as per case study. ClaimsApp will be deployed to Azure App Service instances that connect to Vnet1 and Vnet2. Maybe the answer is no because it cant protect Vnet1 and Vnet2 it is a layer 7 firewall to protect web apps. any thoughts?
upvoted 1 times
...
MallonoX_111
2 years, 2 months ago
Why is the first question No?
upvoted 1 times
Granwizzard
2 years, 2 months ago
The front door only works with HTTP and HTTPS, and connections to a database use other ports or protocols. In this case, only the web app can be protected, since the question is related to all instances it can't protect the DB.
upvoted 5 times
pangchn
2 years, 2 months ago
I don't know if there are others instances can't be protected. But from what I read, ClaimsDB is not asked in the question. The question only mentioned ClaimsApp, which is the app service itself.
upvoted 6 times
Granwizzard
2 years, 2 months ago
If you follow your interpretation then should be yes.
upvoted 1 times
...
...
Gurulee
1 year, 7 months ago
When it says "all instances of ClaimsApp", I would interpret that as how many instances of the app itself and not the related database, etc.. Tricky misleading question in my opinion.
upvoted 3 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...