Microsoft Exam AZ-801 Topic 2 Question 78 Discussion

Actual exam question for Microsoft's AZ-801 exam

Question #: 78
Topic #: 2

You have a server that runs Windows Server. The server is configured to encrypt all incoming traffic by using a connection security rule.

You need to ensure that Server1 can respond to the unencrypted tracert commands initiated from computers on the same network.

What should you do from Windows Defender Firewall with Advanced Security?

AFrom the IPsec Settings, configure IPsec defaults.

BCreate a new custom outbound rule that allows ICMPv4 protocol connections for all profiles.

CChange the Firewall state of the Private profile to Off.

DFrom the IPsec Settings, configure IPsec exemptions.

Show Suggested Answer

Suggested Answer: D

by Cyril at Jun 12, 2025, 01:35 AM

Limited Time Offer

25%

Off

Get Premium AZ-801 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Svetlana

20 days ago

You know, I once tried to tracert a server that was behind a military-grade encryption firewall. Let's just say the results were... explosive. Option D is the way to go here.

upvoted 0 times

Paola

5 hours ago

Definitely, configuring IPsec exemptions is the way to go to allow unencrypted tracert commands.

upvoted 0 times

...

Garry

2 days ago

I agree, option D is the best choice for this scenario.

upvoted 0 times

...

Gertude

28 days ago

Turning off the firewall? What is this, amateur hour? Option B is the way to go. We need to specifically allow the ICMP traffic.

upvoted 0 times

...

Dalene

29 days ago

I think Option D is the correct answer. IPsec exemptions should let the tracert commands through while keeping the rest of the traffic encrypted.

upvoted 0 times

Lenna

4 days ago

Let's go with Option D then, it seems like the best choice to allow the tracert commands.

upvoted 0 times

...

Evette

11 days ago

I agree, IPsec exemptions should work to allow the unencrypted tracert commands.

upvoted 0 times

...

Mable

18 days ago

Option D is correct. IPsec exemptions will allow the tracert commands through.

upvoted 0 times

...

Bethanie

2 months ago

Haha, turning off the firewall? Yeah, right, that's not the solution we're looking for here. Option D seems more promising.

upvoted 0 times

Rodolfo

18 days ago

User2: Yeah, Option D to configure IPsec exemptions sounds like the way to go.

upvoted 0 times

...

Leslie

19 days ago

User1: I agree, turning off the firewall is not the best solution.

upvoted 0 times

...

Keith

2 months ago

But wouldn't configuring IPsec exemptions from the IPsec Settings also achieve the same result?

upvoted 0 times

...

Judy

2 months ago

I agree with Kimbery. Allowing ICMPv4 protocol connections would enable Server1 to respond to unencrypted tracert commands.

upvoted 0 times

...

Eun

2 months ago

Option B sounds like the way to go. We need to allow unencrypted traffic for tracert, and creating a custom outbound rule for ICMPv4 should do the trick.

upvoted 0 times

Britt

22 days ago

Great, let's go ahead and configure that custom outbound rule in Windows Defender Firewall with Advanced Security.

upvoted 0 times

...

Shenika

26 days ago

That makes sense. By allowing ICMPv4 protocol connections, Server1 will be able to respond to unencrypted tracert commands initiated from computers on the same network.

upvoted 0 times

...

Carmela

28 days ago

I agree, creating a new custom outbound rule that allows ICMPv4 protocol connections for all profiles seems like the best solution.

upvoted 0 times

...

Juliana

1 months ago

Option B sounds like the way to go. We need to allow unencrypted traffic for tracert, and creating a custom outbound rule for ICMPv4 should do the trick.

upvoted 0 times

...

Kimbery

2 months ago

I think we should create a new custom outbound rule that allows ICMPv4 protocol connections for all profiles.

upvoted 0 times

...