
Microsoft SC-100 Exam - Topic 4 Question 63 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 63
Topic #: 4

Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corp.contoso.com and an AD DS-integrated application named App1.

Your perimeter network contains a server named Server1 that runs Windows Server.

You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.

You plan to implement a security solution that will include the following configurations:

* Manage access to App1 by using Microsoft Entra Private Access.

* Deploy a Microsoft Entra application proxy connector to Server1.

* Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.

* For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:

  * Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.

  * Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.

  * Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.

  * Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.

You need to maximize security for the planned implementation. The solution must minimize the impact on the connector.

Which rule should you remove?

Suggested Answer: C

Kent
3 months ago
Not sure about this setup, seems a bit overcomplicated.
upvoted 0 times
...
Vesta
3 months ago
Wait, why would you remove Rule2? That seems important!
upvoted 0 times
...
Alana
3 months ago
I think Rule1 should go, less exposure to the internet!
upvoted 0 times
...
Joye
3 months ago
Rule3 is unnecessary for secure access.
upvoted 0 times
...
Tijuana
3 months ago
Definitely keep Rule4, it's crucial for domain communication.
upvoted 0 times
...
Solange
4 months ago
I’m a bit confused, but I wonder if removing Rule2 would impact the outbound connections to Azure.
upvoted 0 times
...
Kanisha
4 months ago
This question reminds me of a practice scenario we did about firewall rules. I think Rule4 is essential for communication with the domain controllers.
upvoted 0 times
...
Chara
4 months ago
I'm not entirely sure, but I feel like Rule1 could be important for inbound traffic to App1.
upvoted 0 times
...
Dusti
4 months ago
I think I remember that Rule3 might be the least necessary since HTTP isn't as secure as HTTPS.
upvoted 0 times
...
Skye
5 months ago
Good point, Emily. I think the best option is to remove Rule1 since it allows inbound HTTPS traffic, which may not be necessary for the connector.
upvoted 0 times
...
Eleni
5 months ago
But what about the Kerberos constrained delegation for the SSO? Wouldn't we need that outbound HTTP traffic to the Azure URLs?
upvoted 0 times
...
Shannan
5 months ago
I'm leaning towards removing Rule3 since it allows outbound HTTP traffic, which could potentially be a security risk.
upvoted 0 times
...
Micheline
5 months ago
Okay, let's think this through step-by-step. We need to maximize security while minimizing impact on the connector, so which rule can we remove?
upvoted 0 times
...
Ora
5 months ago
This question seems straightforward, but I want to make sure I understand the requirements correctly before answering.
upvoted 0 times
...
Daisy
10 months ago
Removing Rule4 seems like the best option to me. We can still manage access to the application using the Entra Private Access solution, so the outbound connection to the domain controllers may not be necessary.
upvoted 0 times
Stefan
9 months ago
Removing Rule4 seems like the best choice to ensure security while minimizing impact on the connector.
upvoted 0 times
...
Helga
9 months ago
Yeah, Rule4 can be removed as it is related to outbound connections to the domain controllers, which may not be necessary for managing access to the application.
upvoted 0 times
...
Becky
10 months ago
I agree, removing Rule4 makes sense since we are focusing on maximizing security for the planned implementation.
upvoted 0 times
...
...
Howard
10 months ago
LOL, this question is a real head-scratcher. I hope the person who wrote it didn't stay up all night trying to come up with it.
upvoted 0 times
Lore
9 months ago
D) Rule4
upvoted 0 times
...
Elina
9 months ago
C) Rule3
upvoted 0 times
...
Rasheeda
10 months ago
B) Rule2
upvoted 0 times
...
Eva
10 months ago
A) Rule1
upvoted 0 times
...
...
Wade
10 months ago
Hmm, I'm not sure. Removing Rule3 might impact the overall security of the solution. Perhaps we could optimize the rules further to minimize the attack surface.
upvoted 0 times
...
Janine
11 months ago
I think Rule3 should be removed. We don't need inbound HTTP traffic to the server, as the application proxy connector can handle the HTTPS communication.
upvoted 0 times
...
Nina
11 months ago
But Rule3 allows TCP 80 outbound, which is not necessary for the planned implementation.
upvoted 0 times
...
Alisha
11 months ago
I disagree, I believe Rule2 should be removed.
upvoted 0 times
...
Nina
11 months ago
I think we should remove Rule3.
upvoted 0 times
...
