SC-100 Question #240: Real Exam Question with Answer & Explanation

The correct answer is C: Rule3.

Design solutions that align with security best practices and priorities

Question

Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corp.contoso.com and an AD DS-integrated application named App1. Your perimeter network contains a server named Server1 that runs Windows Server. You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.

You plan to implement a security solution that will include the following configurations:

  • Manage access to App1 by using Microsoft Entra Private Access.
  • Deploy a Microsoft Entra application proxy connector to Server1.
  • Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.

For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:

  • Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.
  • Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.
  • Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.
  • Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.

You need to maximize security for the planned implementation. The solution must minimize the impact on the connector. Which rule should you remove?

Options

  • A. Rule1
  • B. Rule2
  • C. Rule3
  • D. Rule4

Explanation

Rule3 allows TCP 80 outbound traffic to a designated set of Azure URLs. TCP 80 is associated with unencrypted HTTP traffic, which poses a security risk because it does not encrypt data, potentially exposing sensitive information in transit. By removing this rule, you can ensure that all communication between Server1 and Azure is encrypted, which aligns with security best practices for minimizing data exposure. Additionally, this change will not impact the functioning of the application proxy connector, as secure HTTPS (TCP 443) connections are still allowed for necessary communications.

Topics

#Microsoft Entra Application Proxy · #Firewall Rules · #Kerberos Constrained Delegation · #Security Best Practices
