<< Prev Question Next Question >>
Question 36/75
Your on-premises network contains an Active Directory Domain Services {AD DS) domain named contoso.com that has an internal certification authority (CA).
You have an Azure subscription.
You deploy an Azure application gateway named AppGwy1 and perform the following actions:
* Configure an HTTP listener.
* Associate a routing rule with the listener.
You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription.
You deploy an Azure application gateway named AppGwy1 and perform the following actions:
* Configure an HTTP listener.
* Associate a routing rule with the listener.
You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Recent Comments (The most recent comments are at the top.)
To configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com, you should perform the following actions in sequence:
1. From AppGwy1, create an SSL profile.
2. From an on-premises computer, upload a certificate to AppGwy1.
3. From AppGwy1, create HTTP listeners and associate the listener to the SSL profile.
4. From AppGwy1, create a routing rule.
Explanation:
1. Create an SSL profile: This is the first step, as the SSL profile is where you configure the mutual authentication settings, including the trusted client CA certificate.
2. Upload a certificate to AppGwy1: You need to upload the trusted client CA certificate from the on-premises Active Directory Domain Services (AD DS) domain to AppGwy1. This certificate will be used to authenticate the client requests.
3. Create HTTP listeners and associate the listener to the SSL profile: After configuring the SSL profile with the trusted client CA certificate, you need to associate it with an HTTP listener to enable mutual authentication for the incoming requests.
4. Create a routing rule: Finally, you need to create a routing rule to direct the incoming requests to the appropriate backend pool or target.
The other action, "From AppGwy1, create a frontend IP configuration," is not necessary for the specific task of configuring mutual authentication. The frontend IP configuration is typically set up earlier in the deployment process.
Citations:
[1] https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-portal
[2] https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-powershell
[3] https://stackoverflow.com/questions/76426791/does-azure-application-gateway-support-conditional-mtls
[4] https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/application-gateway/mutual-authentication-certificate-management.md
[5] https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-overview...