Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
You are designing remote access to an on-premises ASP.NET Core intranet application that is published only on the corporate network. The security team requires that users be able to reach the application from any internet location without using a VPN or opening inbound firewall ports. Access must be protected by Azure AD single sign-on and multifactor authentication, and the solution should require minimal changes to the existing application. Which Azure service should you recommend?
Deploy Azure AD Application Proxy and install the Application Proxy connector on an on-premises server.
Create an Azure VPN Gateway with point-to-site connections and configure split tunneling.
Deploy Azure Bastion and publish the application through an RDP session to an internal web server.
Implement Azure AD Domain Services in Azure and open firewall ports 443 and 80 to the application.
Azure AD Application Proxy is specifically designed to publish on-premises web applications to external users. The proxy establishes an outbound connection from an on-premises connector to Azure, so no inbound firewall rules are necessary. Because the service federates the application with Azure AD, you can apply Conditional Access, single sign-on, and multifactor authentication without modifying the application code.
A VPN gateway with point-to-site access would meet the connectivity requirement but forces every user to establish a VPN session and still requires network-level access rather than Azure AD enforcement at the application layer. Azure AD Domain Services only provides domain join, LDAP, and Kerberos capabilities in Azure and would still need the application to be exposed on the internet through firewall rules, violating the requirement. Azure Bastion secures RDP/SSH to virtual machines and is not intended for publishing web applications to external users. Therefore, Azure AD Application Proxy is the correct choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Azure AD Application Proxy protect against inbound firewall access?
Open an interactive chat with Bash
What is the role of the Application Proxy connector in Azure AD Application Proxy?
Open an interactive chat with Bash
What security features does Azure AD Application Proxy integrate for user authentication?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .