Developing ASP.NET MVC Web Applications — Question 63

You plan to deploy an ASP.NET Core MVC web application to an internal server cluster that runs Kestrel on Linux. The server cluster hosts many other web applications. All applications are behind a Nginx load balancer.
You need to ensure that the application meets the following requirements:
✑ Secure against man-in-the-middle attacks.
✑ Allow Open ID Connect authentication.
✑ Cache responses using HTTP caching.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Answer options

• A. Bind Kestrel to port 0.
• B. Terminate Secure Sockets Layer (SSL) in Kestrel.
• C. Configure ASP.NET Core to use forwarded headers.
• D. Enable the proxy_cache_bypass module.

Correct answer: A, C

Explanation

Binding Kestrel to port 0 allows the operating system to assign a random port, enhancing security against man-in-the-middle attacks. Additionally, configuring ASP.NET Core to use forwarded headers is essential when behind a proxy like Nginx for proper handling of requests. Terminating SSL in Kestrel is incorrect as it should be handled by Nginx for better performance, and enabling the proxy_cache_bypass module is unrelated to the application's security and authentication needs.