Exam AZ-720 topic 6 question 58 discussion

Actual exam question from Microsoft's AZ-720

Question #: 8
Topic #: 6

A company enables just-in-time (JIT) virtual machine (VM) access in Azure.

An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.

You need to determine why some VMs are not supported for JIT VM access.

What should you conclude?

A. The client firewall does not allow port 3389 on the VMs.
B. The administrator is using the Microsoft Defender for Cloud free tier.
C. A network security group is not associated with the VMs.
D. The client firewall does not allow port 22 on the VMs.

Show Suggested Answer

Suggested Answer: C 🗳️

by MarshalLaw at April 13, 2023, 9:48 a.m.

Comments

Submit Cancel

cris_exam

2 years, 2 months ago

Selected Answer: C

C is the answer. For any JIT rule access to work it needs to be added into an associated NSG to the VM subnet/NIC OR if there is an AZFW active in the environment, that also works, but in our case it's the NSG. https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage#work-with-jit-vm-access-using-microsoft-defender-for-cloud

upvoted 2 times

...

MarshalLaw

2 years, 2 months ago

A and D can't because Bastion / JiT works on Port 443. B is a stupid answer so the answer would be C.

upvoted 3 times

...