DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud
service named ContosoService1.
You discover unauthorized traffic to CON-CL1. You need to:
+ Create a rule to limit access to CON-CL1.
+ Ensure that the new rule has the highest
precedence.
Which Azure Power Shell cmdlets and values should you use? To answer, drag the
appropriate cmdlet or value to the correct location in the Power Shell command. Each cmdlet
or value may be used once, more than once, or not at all. You may need to drag the split bat
between panes or scroll to view content.
Answer: 
Explanation:
Why order is 100. For me it should be “0” as it is lowest possible value to set.
I agree with uper: -order should be 0.
-Order
Specifies the relative order in which this rule should be processed compared to the other rules applied to the ACL object. The lowest order takes precedence.
http://msdn.microsoft.com/en-us/library/dn495192.aspx
And why is it Permit??
The correct must be Deny as the Question clearly states that the rule must LIMIT access…
it is a permit due to an implicit deny comes into effect once any acl has been created. again a dodgy microsoft question as it doesn’t give you the needed details.
example 1
http://msdn.microsoft.com/en-us/library/dn495192.aspx
PS C:\> $acl1 = New-AzureAclConfigC:\PS> Set-AzureAclConfig –AddRule –ACL $acl1 –Order 100 –Action permit –RemoteSubnet “10.0.0.0/8” –Description “Sharepoint ACL config”
The given answer is correct. The order isn’t 0 because it’s invalid. Order must be > 0.
With PowerShell ‘0’ is an accepted value.
-Order 0 is correct …
# create a new ACL
$acl = New-AzureAclConfig
# add some rules to the ACL
Set-AzureAclConfig -AddRule -ACL $acl -Order 0 -Action Permit -RemoteSubnet “1.2.3.4/32” -Description “Allow App01”
Set-AzureAclConfig -AddRule -ACL $acl -Order 1 -Action Permit -RemoteSubnet “172.16.0.0/29” -Description “Allow corp proxies”
Set-AzureAclConfig -AddRule -ACL $acl -Order 2 -Action Deny -RemoteSubnet “0.0.0.0/0” -Description “DenyAll”
The order should be ‘0’ as this is the lowest value (and so the highest priority). I have tested this and it works. The valid range is ‘0’ to ‘65535’
IMHO -Order 0 is the correct answer as it is an Int32, so even though most examples found online start from 100, possible values are those stated by exam monkey, so 0 is the lowest and therefore higher precedence
see https://msdn.microsoft.com/en-us/library/azure/dn495192.aspx
0 is allowed value.
Check
http://blogs.technet.com/b/heyscriptingguy/archive/2013/08/31/weekend-scripter-creating-acls-for-windows-azure-endpoints-part-1-of-2.aspx
it clearly states – “ACL rules are processed in order, starting with rule 0.”
Yes, on Azure when you manage ACL it autofill order as “0”. So definitely supported value
Agree, order should be 0, I’ve used that in the past and it works
Same, tested fine
From the official Microsoft 70-533 Study Book the “-Order 0” is a valid choice
Set-AzureAclConfig -AddRule -ACL $acl -Order 0 -Action Permit -RemoteSubnet “171.100.0.1/24”
We are limiting access by PERMITing the subnet only.
Another crap Microsoft question with lack of detail IMHO! (who writes these!?)
In fact, upon testing -Order is not a required switch so when you omit it the order starts at ‘0’.
This will be the correct,
Set-AzureAclConfig -AddRule -ACL $acl -Order 100 -Action Permit -RemoteSubnet “171.100.0.1/24”
The reason is, if we do not specify -Order, then it will b by default 0, since -Order is there, we have to select either 100 or 300, so the correct value will be 100.