Configure Windows Defender Firewall for Tracert Commands | Answer to AZ-801 Exam Question

Allowing Unencrypted Tracert Commands on Windows Server | Exam Answer

Question

You have a server that runs Windows Server. The server is configured to encrypt all incoming traffic by using a connection security rule.

You need to ensure that Server1 can respond to the unencrypted tracert commands initiated from computers on the same network.

What should you do from Windows Defender Firewall with Advanced Security?

Answers

Explanations


A. B. C. D.

D

The correct answer to the question is B. Create a new custom outbound rule that allows ICMPv4 protocol connections for all profiles.

Explanation: In this scenario, the server is configured to encrypt all incoming traffic by using a connection security rule. This means that any incoming traffic to the server, including tracert commands, is expected to be encrypted. The requirement, however, is that the server can respond to unencrypted tracert commands initiated from computers on the same network.

To enable the server to respond to unencrypted tracert commands, we need to create an outbound rule that allows ICMPv4 protocol connections. ICMP is the protocol used by tracert commands to send and receive packets.

To create a new custom outbound rule that allows ICMPv4 protocol connections, we can follow the steps below:

  1. Open the Windows Defender Firewall with Advanced Security console.
  2. Click on the Outbound Rules option in the left-hand pane.
  3. Click on the New Rule option in the right-hand pane.
  4. In the New Outbound Rule Wizard, select the Custom rule option and click on the Next button.
  5. In the Program step, leave the default setting (All programs) and click on the Next button.
  6. In the Protocol and Ports step, select the ICMPv4 protocol option and click on the Next button.
  7. In the Scope step, leave the default settings (Any IP address) and click on the Next button.
  8. In the Action step, select the Allow the connection option and click on the Next button.
  9. In the Profile step, select all the profiles (Domain, Private, and Public) and click on the Next button.
  10. In the Name step, give the rule a name (e.g., Allow ICMPv4 Out) and click on the Finish button.

This creates a new custom outbound rule that allows ICMPv4 protocol connections for all profiles. With this rule in place, the server should be able to respond to unencrypted tracert commands initiated from computers on the same network.
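The wizard steps above can also be scripted from an elevated PowerShell session. This is an added example, not part of the original answer: it uses the rule name suggested in step 10 and the built-in NetSecurity cmdlets, creates the rule only if it does not already exist, reads the settings back so they can be compared with the wizard choices, and lists the active connection security rules for reference.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the New Outbound Rule Wizard steps.
$ruleName = 'Allow ICMPv4 Out'   # name suggested in step 10

# Idempotent: reuse the rule if a previous run (or the wizard) already created it.
$rules = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $rules) {
    # "All programs" (step 5) is the default when no program is specified.
    $rules = New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound `
        -Protocol ICMPv4 `
        -LocalAddress Any -RemoteAddress Any `
        -Action Allow `
        -Profile Domain, Private, Public `
        -Enabled True
}

# Read the rule back with its filters and show the values next to each other.
foreach ($r in $rules) {
    $port = $r | Get-NetFirewallPortFilter
    $addr = $r | Get-NetFirewallAddressFilter
    $app  = $r | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name          = $r.DisplayName
        Enabled       = $r.Enabled
        Direction     = $r.Direction
        Action        = $r.Action
        Profile       = $r.Profile
        Protocol      = $port.Protocol
        Program       = $app.Program
        RemoteAddress = $addr.RemoteAddress
    }
}

# For reference: the connection security (IPsec) rules currently in effect,
# including the one that requires encryption for inbound traffic.
Get-NetIPsecRule -PolicyStore ActiveStore |
    Select-Object DisplayName, Enabled, InboundSecurity, OutboundSecurity, Profile
```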