AZ-500 Question #224: Real Exam Question with Answer & Explanation

Question

You have a web app hosted on an on-premises server that is accessed by using a URL of https:// You need to enable HTTPS for the Azure web app. What should you do first?

Options

• AExport the public key from the on-premises server and save the key as a P7b file.
• BExport the private key from the on-premises server and save the key as a PFX file that is
• CExport the public key from the on-premises server and save the key as a CER file.
• DExport the private key from the on-premises server and save the key as a PFX file that is

Explanation

Explanation

To migrate HTTPS from an on-premises server to Azure, you must export the private key in a PFX (Personal Information Exchange) format, as Azure App Service requires the full certificate bundle - including both the private key and the certificate chain - to properly configure SSL/TLS bindings. Option B is correct because a PFX file is the standard container format that bundles the private key, public certificate, and any intermediate certificates together, which is exactly what Azure needs to enable HTTPS.

Why the distractors are wrong:

• Options A and C are incorrect because they involve exporting only the public key (as P7B or CER files), which do not contain the private key - Azure cannot establish a secure SSL connection without it.
• Option D appears similar to B but likely references an incorrect file format or missing password protection; a valid PFX export must be password-protected to secure the private key during transfer.

🧠 Memory Tip: Think "PFX = Private + Full certificate" - Azure always needs the Private key in a PFX file to enable HTTPS. If the export doesn't include the private key, Azure can't do its job. Public keys (CER/P7B) are for sharing, not hosting.

No community discussion yet for this question.