Microsoft Exam SC-100 Topic 4 Question 63 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 63
Topic #: 4

Your on-premises network contains an Active Directory Domain Services (AD DS) domain named corp.contoso.com and an AD DS-integrated application named App1.

Your perimeter network contains a server named Server1 that runs Windows Server.

You have a Microsoft Entra tenant named contoso.com that syncs with corp.contoso.com.

You plan to implement a security solution that will include the following configurations:

* Manage access to App1 by using Microsoft Entra Private Access.

* Deploy a Microsoft Entra application proxy connector to Server1.

* Implement single sign-on (SSO) for App1 by using Kerberos constrained delegation.

* For Server1, configure the following rules in Windows Defender Firewall with Advanced Security:

  * Rule1: Allow TCP 443 inbound from a designated set of Azure URLs.

  * Rule2: Allow TCP 443 outbound to a designated set of Azure URLs.

  * Rule3: Allow TCP 80 outbound to a designated set of Azure URLs.

  * Rule4: Allow TCP 389 outbound to the domain controllers on corp.contoso.com.

You need to maximize security for the planned implementation. The solution must minimize the impact on the connector.

Which rule should you remove?

Suggested Answer: C

Contribute your Thoughts:

Daisy
27 days ago
Removing Rule4 seems like the best option to me. We can still manage access to the application using the Entra Private Access solution, so the outbound connection to the domain controllers may not be necessary.
upvoted 0 times
Helga
3 days ago
Yeah, Rule4 can be removed as it is related to outbound connections to the domain controllers, which may not be necessary for managing access to the application.
upvoted 0 times
...
Becky
15 days ago
I agree, removing Rule4 makes sense since we are focusing on maximizing security for the planned implementation.
upvoted 0 times
...
...
Howard
1 month ago
LOL, this question is a real head-scratcher. I hope the person who wrote it didn't stay up all night trying to come up with it.
upvoted 0 times
C) Rule3
upvoted 0 times
...
Rasheeda
8 days ago
B) Rule2
upvoted 0 times
...
Eva
18 days ago
A) Rule1
upvoted 0 times
...
...
Wade
1 month ago
Hmm, I'm not sure. Removing Rule3 might impact the overall security of the solution. Perhaps we could optimize the rules further to minimize the attack surface.
upvoted 0 times
...
Janine
1 month ago
I think Rule3 should be removed. We don't need inbound HTTP traffic to the server, as the application proxy connector can handle the HTTPS communication.
upvoted 0 times
...
Nina
2 months ago
But Rule3 allows TCP 80 outbound, which is not necessary for the planned implementation.
upvoted 0 times
...
Alisha
2 months ago
I disagree, I believe Rule2 should be removed.
upvoted 0 times
...
Nina
2 months ago
I think we should remove Rule3.
upvoted 0 times
...
