ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 16 question 65 discussion

Actual exam question from Microsoft's AZ-103
Question #: 65
Topic #: 16
[All AZ-103 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
✑ A virtual network that has a subnet named Subnet1
✑ Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
✑ A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
✑ Priority: 100
✑ Source: Any
✑ Source port range: *
✑ Destination: *
✑ Destination port range: 3389
✑ Protocol: UDP
✑ Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the * destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
by Navo27 at May 10, 2020, 2:35 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Navo27
Highly Voted 5 years, 1 month ago
The answer should be yes because VM NSG is removed
upvoted 20 times
ExamGuy01
5 years, 1 month ago
the answer is YES because you add a inbound RDP rule on the subnet nsg (procressed first)
upvoted 2 times
Bastiaan
4 years, 10 months ago
Its yes, but please know that traffic flows thru both, subnet and interface.
upvoted 2 times
...
...
...
jonnybugaloo
Highly Voted 5 years, 1 month ago
I just tested here, and the answer is yes. I've created a VM, a NSG associated to the subnet, allowing inbound connection from any, to *, port 3389 TCP, and removed the NSG from the VM. The connection was ok from internet to VM. When you have an NSG to the subnet, the traffic flows to the VMs connected on this subnet.
upvoted 9 times
...
tashakori
Most Recent 1 year, 3 months ago
Yes is correct
upvoted 1 times
...
NoobieWon
2 years, 2 months ago
The 6 default rules in a NSG will block RDP on a VM but allow RDP on a Subnet AllowVNetInBound/AllowVnetOutBound will allow RDP on a Subnet DenyAllInbound/DenyAlloutbound will block RDP on a VM
upvoted 1 times
...
Ozguraydin
4 years, 5 months ago
The answer should be YES.
upvoted 1 times
...
tezawynn
4 years, 7 months ago
what the difference between this and question 66?? Seems the same to me.
upvoted 1 times
GayathriRajangam
12 months ago
Question 66 has a different solution. You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
upvoted 1 times
...
...
megaejay
4 years, 9 months ago
Answer A . A rule to permit RDP traffic may not be created automatically when you create your VM.
upvoted 2 times
...
bnair
4 years, 10 months ago
wrong protocol; doesn't work. Answer is NO
upvoted 2 times
TzzZ
4 years, 10 months ago
dio le lao mo
upvoted 3 times
...
hstorm
4 years, 10 months ago
TCP is indeed the right protocol. Please do not spam !
upvoted 2 times
...
OsimIndia
4 years, 6 months ago
In NSG, protocol ... TCP : 3389 is for RDP only...
upvoted 1 times
...
IanC
2 years, 3 months ago
rule added to NSG-Subnet1 is for TCP rule on NSG1-VM1 is for UDP but that is removed so answer is A
upvoted 1 times
...
...
Lanold
5 years, 1 month ago
answer is correct, destination clould'nt be "*". Allow values for destination are : "Any", "IPAdress", "VirtualNetwork" and "Application security group".
upvoted 1 times
jonnybugaloo
5 years, 1 month ago
Yes, you can. Look at this: Name : default-allow-rdp Id : /subscriptions/guid/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/myNetworkSecurityGroup/securityRules/default-allow-rdp Etag : ProvisioningState : Succeeded Description : Protocol : TCP SourcePortRange : * DestinationPortRange : 3389 SourceAddressPrefix : * DestinationAddressPrefix : * Access : Allow Priority : 1000 Direction : Inbound https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection Item 2 on troubleshooting using Azure Powershell
upvoted 1 times
...
...
zakhanz
5 years, 1 month ago
The answer should be YES. Because NSGVM is removed and NSG subnet rule is allowed with TCP 3389.
upvoted 1 times
...
exam4rtist
5 years, 1 month ago
I agree, with Navo27, the answer is A because the subnet NSG is now allowing inbound RDP traffic and the VM NSG is out of the way. On a side note: the explanation in the solution is wrong; it misquotes the referenced doc (https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection). The correct quote is: "A rule to permit RDP traffic may not be created automatically when you create your VM."
upvoted 6 times
praveen97
5 years ago
Agree with exam4rtist. The answer is A - YES Network Security Group: NSG-VM1 is removed from the network interface of VM1. Also this NSG is not associated with Subnet. So, this will not execute any inbound rules when a user is connecting to VM1. Network Security Group: NSG-Subnet1 is associated to Subnet1 and also it has the custom inbound security rule is added to allow RDP (TCP Port 3389) connections from internet. So, while connecting to VM1 through RDP from internet, then only NSG-Subnet1 inbound security rules will get executed and so the RDP traffic is allowed to VM1.
upvoted 4 times
...
...
Cloudyuga
5 years, 1 month ago
Given answer is wrong ..Correct answer is A.yes ...Given solution in question will work
upvoted 2 times
...
akamal
5 years, 1 month ago
it's A
upvoted 2 times
...
CristianN
5 years, 1 month ago
If VM NSG will be removed, the inbound connections rule will fall on the other NSG that has only the default rules (Inbound connections denied by default)
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel