Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-801 Exam - Topic 2 Question 78 Discussion

You have a server that runs Windows Server. The server is configured to encrypt all incoming traffic by using a connection security rule.You need to ensure that Server1 can respond to the unencrypted tracert commands initiated from computers on the same network.What should you do from Windows Defender Firewall with Advanced Security?
D) From the IPsec Settings, configure IPsec exemptions.
A) From the IPsec Settings, configure IPsec defaults.
B) Create a new custom outbound rule that allows ICMPv4 protocol connections for all profiles.
C) Change the Firewall state of the Private profile to Off.

Microsoft AZ-801 Exam - Topic 2 Question 78 Discussion

Actual exam question for Microsoft's AZ-801 exam
Question #: 78
Topic #: 2
[All AZ-801 Questions]

You have a server that runs Windows Server. The server is configured to encrypt all incoming traffic by using a connection security rule.

You need to ensure that Server1 can respond to the unencrypted tracert commands initiated from computers on the same network.

What should you do from Windows Defender Firewall with Advanced Security?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Cyril at Jun 12, 2025, 01:35 AM

Limited Time Offer

25%

Off

Get Premium AZ-801 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Leslie
5 months ago
C is a bad idea, turning off the firewall is risky!
upvoted 0 times
...
Dalene
6 months ago
I agree, B makes the most sense here.
upvoted 0 times
...
Rene
6 months ago
Option B is the way to go! ICMP needs to be allowed.
upvoted 0 times
...
Precious
6 months ago
Wait, can we really allow unencrypted traffic like that?
upvoted 0 times
...
Charlesetta
6 months ago
Not so sure about that, what if there's a security risk?
upvoted 0 times
...
Cristal
6 months ago
I vaguely recall something about IPsec exemptions, but I’m not confident if that applies here. I think allowing ICMP directly is more straightforward.
upvoted 0 times
...
Karon
7 months ago
I feel like changing the Firewall state to Off could be risky. We should probably keep some protections in place.
upvoted 0 times
...
Michal
7 months ago
I'm not entirely sure, but I think creating a custom outbound rule for ICMPv4 might be the right approach. It sounds familiar from our practice questions.
upvoted 0 times
...
Marcos
7 months ago
I remember we discussed how ICMP traffic is often blocked by default in firewalls. I think we need to allow it for tracert to work.
upvoted 0 times
...
Cherelle
7 months ago
Option A seems like it might be overkill. Configuring the IPsec defaults doesn't seem directly relevant to the problem at hand.
upvoted 0 times
...
Erinn
8 months ago
I'm leaning towards option D. If we can configure IPsec exemptions, that might be the cleanest way to allow the unencrypted tracert commands without compromising the overall security.
upvoted 0 times
...
Cassandra
8 months ago
I'm a bit confused. Wouldn't changing the Firewall state to Off in option C be a security risk? I'm not sure that's the best approach.
upvoted 0 times
...
Filiberto
8 months ago
Okay, let's see. The key here is that we need to allow unencrypted tracert commands, while the server is configured to encrypt all incoming traffic. I think option B might be the way to go.
upvoted 0 times
...
Irene
8 months ago
Hmm, this seems like a tricky one. I'll need to think carefully about the implications of each option.
upvoted 0 times
...
Svetlana
11 months ago
You know, I once tried to tracert a server that was behind a military-grade encryption firewall. Let's just say the results were... explosive. Option D is the way to go here.
upvoted 0 times
Paola
10 months ago
Definitely, configuring IPsec exemptions is the way to go to allow unencrypted tracert commands.
upvoted 0 times
...
Garry
10 months ago
I agree, option D is the best choice for this scenario.
upvoted 0 times
...
...
Gertude
11 months ago
Turning off the firewall? What is this, amateur hour? Option B is the way to go. We need to specifically allow the ICMP traffic.
upvoted 0 times
...
Dalene
11 months ago
I think Option D is the correct answer. IPsec exemptions should let the tracert commands through while keeping the rest of the traffic encrypted.
upvoted 0 times
Lenna
10 months ago
Let's go with Option D then, it seems like the best choice to allow the tracert commands.
upvoted 0 times
...
Evette
10 months ago
I agree, IPsec exemptions should work to allow the unencrypted tracert commands.
upvoted 0 times
...
Mable
11 months ago
Option D is correct. IPsec exemptions will allow the tracert commands through.
upvoted 0 times
...
...
Bethanie
12 months ago
Haha, turning off the firewall? Yeah, right, that's not the solution we're looking for here. Option D seems more promising.
upvoted 0 times
Rodolfo
11 months ago
User2: Yeah, Option D to configure IPsec exemptions sounds like the way to go.
upvoted 0 times
...
Leslie
11 months ago
User1: I agree, turning off the firewall is not the best solution.
upvoted 0 times
...
...
Keith
12 months ago
But wouldn't configuring IPsec exemptions from the IPsec Settings also achieve the same result?
upvoted 0 times
...
Judy
12 months ago
I agree with Kimbery. Allowing ICMPv4 protocol connections would enable Server1 to respond to unencrypted tracert commands.
upvoted 0 times
...
Eun
12 months ago
Option B sounds like the way to go. We need to allow unencrypted traffic for tracert, and creating a custom outbound rule for ICMPv4 should do the trick.
upvoted 0 times
Britt
11 months ago
Great, let's go ahead and configure that custom outbound rule in Windows Defender Firewall with Advanced Security.
upvoted 0 times
...
Shenika
11 months ago
That makes sense. By allowing ICMPv4 protocol connections, Server1 will be able to respond to unencrypted tracert commands initiated from computers on the same network.
upvoted 0 times
...
Carmela
11 months ago
I agree, creating a new custom outbound rule that allows ICMPv4 protocol connections for all profiles seems like the best solution.
upvoted 0 times
...
Juliana
11 months ago
Option B sounds like the way to go. We need to allow unencrypted traffic for tracert, and creating a custom outbound rule for ICMPv4 should do the trick.
upvoted 0 times
...
...
Kimbery
12 months ago
I think we should create a new custom outbound rule that allows ICMPv4 protocol connections for all profiles.
upvoted 0 times
...

Save Cancel