You need to configure WebApp1 to meet the data and application requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer: B
Explanation:
The correct answers are B. Turn on the HTTPS Only protocol setting and E. Turn on the Incoming client certificates protocol setting. Enabling HTTPS Only ensures that all communication between users and WebApp1 is encrypted by forcing requests to use HTTPS instead of HTTP, helping to protect sensitive data during transmission. Enabling Incoming client certificates allows the application to receive and validate client certificates from users or devices, which is required when certificate-based authentication is part of the application requirements. The other options do not fully meet the stated requirements. Uploading a public certificate is primarily used for custom domain SSL configuration, setting the minimum TLS version only controls the security protocol version, and changing the App Service pricing tier is unnecessary unless a specific feature requires it. Therefore, turning on HTTPS Only and Incoming client certificates is the correct solution.
Question 2
You need to ensure that you can meet the security operations requirements. What should you do first?
Correct Answer: C
Explanation:
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. Scenario: Security Operations Requirements Litware must be able to customize the operating system security configurations in Azure Security Center.
Question 3
You need to ensure that users can access VM0. The solution must meet the platform protection requirements. What should you do?
Correct Answer: D
Explanation:
The correct answer is D. On Firewall, configure a DNAT (Destination Network Address Translation) rule. When a virtual machine is protected behind Azure Firewall, inbound internet traffic cannot reach the VM directly. To allow users to access VM0 while still meeting the platform protection requirements, Azure Firewall must translate incoming requests on its public IP address to the private IP address of the VM. This is achieved by configuring a DNAT rule. The other options do not provide external access to the VM. Moving the VM to another subnet, assigning a route table to AzureFirewallSubnet, or configuring a network traffic filtering rule alone will not publish the VM for inbound connections. Therefore, a DNAT rule is required to securely enable user access to VM0 through Azure Firewall.
Demo Practice Mode
You are viewing only the questions marked as Demo.