Microsoft Cybersecurity Architect — Question 20
You have the following on-premises servers that run Windows Server:
• Two domain controllers in an Active Directory Domain Services (AD DS) domain
• Two application servers named Server1 and Server2 that run ASP.NET web apps
• A VPN server named Server3 that authenticates by using RADIUS and AD DS
End users use a VPN to access the web apps over the internet.
You need to redesign a user access solution to increase the security of the connections to the web apps. The solution must minimize the attack surface and follow the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
What should you include in the recommendation?
Answer options
- A. Publish the web apps by using Azure AD Application Proxy.
- B. Configure the VPN to use Azure AD authentication.
- C. Configure connectors and rules in Microsoft Defender for Cloud Apps.
- D. Configure web protection in Microsoft Defender for Endpoint.
Correct answer: A
Explanation
The correct answer is A, as publishing the web apps through Azure AD Application Proxy enhances security by providing secure remote access without exposing the apps directly to the internet. Option B, while improving authentication, does not inherently reduce the attack surface as effectively as Azure AD Application Proxy. Options C and D focus on application security and endpoint protection, but do not directly address secure access to the web apps.