You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet.
What should you do?
To enable users to connect to the website using the HTTPS protocol (port 443), you need to create a new inbound rule that allows TCP traffic on port 443 with a priority lower than the existing rule that denies it. Since the current denial rule for port 443 (Rule2) has a priority of 500, you need to create a new inbound rule with a priority lower than 500. Creating a new inbound rule that allows TCP protocol 443 and configuring its priority to 501 will not work. Instead, creating a rule with a priority of 300 or below will ensure it takes precedence over the denial. Therefore, creating a new inbound rule that allows TCP protocol 443 with a priority lower than 500 is the correct solution.
The answer is correct. HTTPS is on Port 443 inbound. This is the only port needed to be open for secure connections to the web server.
And also the rule that allows port 443 to be in the correct order. In this case before the Deny 443 rule from top to down.
yes, answers are correct.
This is ridiculous. It's used only as a secure web server, bet the solution is to open up a bunch of random ports..
indeed... Better solution was to edit Rule 2, remove port 80 and change it to allow.
It is a certification test, adderall. They gotta overcomplicate things sometimes.
It is a certification test, adderall. They gotta overcomplicate things sometimes.
Guys with guns to judsge what could have been a better solution, hang on! You aren't asked to redesign anything . All you have to choose from the following answers to pick the right one and move to next qs. B is right answer from the given choices
A is pointless. you would get block by rule 500 first. B is most viable answer. C makes no sense. 400 and 500 do the same thing exception 500 has 443 also. D definitely not. why make more work and change to UDP than you block all the UDP traffic for those ports.
Answer B is correct.This is a BIG security hole, but the only option to permit inbound traffic from port 443
Came in exam 1st Aug 2020
We have to choose from given option. We can not just create our own answer. So B is correct one
Not an option but just remove 443 from rule 2?
Can we not simply create a new rule (A) and give 443 access with priority 200 or 301?
Came in Exam , Exam given on 06.07.2020
Its confusing as we dont use port 80(http) we are using port 443(https) so given answer is correct
Answer is correct, HTTPS is on port 443.
D is a trick. Pays to read top-down on this one
If I see the rule 4 which is that to change it protocol to TCP should be considered as an answer, as if we change the priority of that rule and change it to Allow it would make more ports available to internet and that could be the risk for the VM.
that to change the protocol *
In the reference of Rule 5 I mentioned about the ports issues
In the reference of Rule 5 I mentioned about the ports issues
that to change the protocol *
In the reference of Rule 5 I mentioned about the ports issues
In the reference of Rule 5 I mentioned about the ports issues
And Rule1 is pointless
Rule 1 blocks access to port 80, which is used for HTTP, not HTTPS. Therefore Rule1 is not pointless
Rule 1 is pointless because the same objective is being achieved by rule 2.
I agree, that will allow may ports.
None of these are quite correct in my opinion. The proper solution would be to edit out port 80 and change the action to allow. There's no reason to change the priority anyway... It doesn't accomplish anything in the current setting
Guys who are saying B is correct, not sure if they have seen the Action for rule 5 is Deny. So not sure how changing the priority is going to help here. To me the close answer would be option D (Modify the protocol to TCP instead of UDP). I know the fact that it will allow much more than TCP port 443 but question does not say that NSG should allow only 443.
The answer for B includes "change the Action to Allow", so your statement is incorrect. The answer also cannot possibly be D, as HTTPS will still be blocked by Rule 2. B is the only logical answer, albeit extremely overkill and not something I would do in production.
I was also wondering, what would changing this priority do anything. I totally missed out the bit that says, change the Action to Allow. If you change it to allow, and set lower priority than the deny rule, then ofcourse B is the answer. Thanks
I was also wondering, what would changing this priority do anything. I totally missed out the bit that says, change the Action to Allow. If you change it to allow, and set lower priority than the deny rule, then ofcourse B is the answer. Thanks
Answer is correct
Correct! Here should be very clear and careful! Rule1 and Rule2 are all blocking HTTP and HTTPs, so only delete Rule1 is not enough. And the rules' priority is also one very important key should be concerned.
Correct Answer: HTTPS uses port 443. Rule2, with priority 500, denies HTTPS traffic. Rule5, with priority changed from 2000 to 401, would allow HTTPS traffic. Note: Priority is a number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.