Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 6 Discussion
Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions to allow traffic from the backend IP address of the Front Door instance.
Does this meet the goal?
Option B makes sense here. Relying on a single backend IP isn’t reliable since Front Door’s IPs can change or be multiple. Access restrictions need to cover the full IP range or use service tags instead.
B/D? You can’t really trust a single backend IP because Front Door uses a range that could change anytime. Even if you whitelist one IP, others might still get through or legit traffic might get blocked. Using service tags or header validation is safer since they cover all Front Door traffic dynamically without risking lockout due to IP changes. So just allowing one backend IP won’t fully meet the goal here.
Makes sense to say no here, option B. Besides the IP changes, Front Door uses a range of IPs that aren't guaranteed to stay the same, so relying on just one backend IP won’t cut it. Using service tags or checking a custom header is more reliable to make sure traffic truly comes from Front Door.
B imo, because Front Door’s IPs aren’t static and can change. Relying on fixed backend IP restrictions won’t guarantee security. It’s better to use service tags or validate with a custom header for safer access control.
B. No, because Front Door’s backend IPs can change, so blocking by IP isn’t reliable. Using service tags is better since they’re maintained by Azure and reflect the correct IP ranges securely. Also, validating a custom header set by Front Door is a good extra layer to make sure traffic is legit.
B. No. The backend IP address of Front Door isn’t fixed, so restricting access based on that won’t reliably work. You need to use the built-in Front Door service tags or validate the incoming traffic with some header or token to ensure it’s coming from Front Door. Just using IP restrictions alone will likely block legit traffic or let others in unintentionally.
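
The comparison the comments above make, as an added example that is not part of any comment or of Microsoft's code: it evaluates the single-IP rule from the question, a service-tag style range rule, and the range rule combined with a Front Door ID header check against the same requests. The CIDR ranges, IP addresses and Front Door IDs are constructed placeholders; `AzureFrontDoor.Backend` and `X-Azure-FDID` are the actual service tag and header name in Azure.

```python
import ipaddress
import uuid

# Constructed stand-ins from documentation address space, NOT real Front Door ranges.
# In Azure the AzureFrontDoor.Backend service tag supplies and updates the real list.
FRONT_DOOR_RANGES = [ipaddress.ip_network("198.51.100.0/24"),
                     ipaddress.ip_network("203.0.113.0/25")]
SINGLE_BACKEND_IP = ipaddress.ip_address("198.51.100.10")  # the rule the question proposes
OWN_FDID = "11111111-2222-3333-4444-555555555555"    # placeholder Front Door ID
OTHER_FDID = "99999999-8888-7777-6666-555555555555"  # placeholder: someone else's profile


def allow_single_ip(src, headers):
    """Proposed solution: allow exactly one Front Door backend address."""
    return ipaddress.ip_address(src) == SINGLE_BACKEND_IP


def allow_service_tag(src, headers):
    """Allow the whole (constructed) Front Door backend range."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in FRONT_DOOR_RANGES)


def allow_service_tag_and_fdid(src, headers):
    """Range check plus a match on this profile's X-Azure-FDID header."""
    if not allow_service_tag(src, headers):
        return False
    fdid = {k.lower(): v for k, v in headers.items()}.get("x-azure-fdid", "")
    try:
        return uuid.UUID(fdid) == uuid.UUID(OWN_FDID)
    except ValueError:  # header missing or not a GUID
        return False


# Constructed sample requests: (label, source IP, request headers)
REQUESTS = [
    ("own profile via listed IP", "198.51.100.10", {"X-Azure-FDID": OWN_FDID}),
    ("own profile via another Front Door IP", "203.0.113.7", {"x-azure-fdid": OWN_FDID}),
    ("other profile via listed IP", "198.51.100.10", {"X-Azure-FDID": OTHER_FDID}),
    ("direct request, not via Front Door", "192.0.2.50", {"X-Azure-FDID": OWN_FDID}),
]
POLICIES = (allow_single_ip, allow_service_tag, allow_service_tag_and_fdid)


def evaluate():
    """Return {label: (single_ip, service_tag, service_tag_and_fdid)} decisions."""
    return {label: tuple(p(src, hdrs) for p in POLICIES) for label, src, hdrs in REQUESTS}


if __name__ == "__main__":
    for label, decisions in evaluate().items():
        print(f"{label:40} {decisions}")
```

The second request shows the single-IP rule blocking legitimate Front Door traffic, and the third shows that an IP-only rule, single address or full range, also admits traffic from a Front Door profile that is not yours.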