Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-103 topic 16 question 66 discussion

Actual exam question from Microsoft's AZ-103
Question #: 66
Topic #: 16
[All AZ-103 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
✑ A virtual network that has a subnet named Subnet1
✑ Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
✑ A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
✑ Priority: 100
✑ Source: Any
✑ Source port range: *
✑ Destination: *
✑ Destination port range: 3389
✑ Protocol: UDP
✑ Action: Allow
VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Cloudyuga
Highly Voted 3 years, 10 months ago
Finally he mention correct answer
upvoted 14 times
...
jonnybugaloo
Highly Voted 3 years, 9 months ago
Guys, this is wrong. The answer is no. The currently NSG custom RDP rule attached to the VM1 has the priority number 100, which is the first available priority number. Since the question says it will be CREATED a new rule - "Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1", the new rule number will be after the one which is blocking RDP, eg. 101, and will become invalid for this scenario. If the custom rule attached on the VM1 wasn't removed or changed, the answer on this scenario will be NO.
upvoted 12 times
eltucutu
3 years, 9 months ago
You are right. Thanks!
upvoted 2 times
Hanuman
3 years, 9 months ago
correct
upvoted 2 times
...
...
robdot
3 years, 9 months ago
The given answer is actually correct. There is no rule 'blocking' RDP mentioned in this question - if you mean the rule 'allowing' UDP 3389, that is irrelevant to the behaviour. You can easily try this yourself to verify.
upvoted 17 times
praveen97
3 years, 8 months ago
Agree with robdot. There is no rule to block RDP traffic in NSG-VM1. So, it will first execute the inbound security rule with prority 100 and it sees UDP. Then it will go to the next rule (assume the new rule priority is 101), then it looks for RDP Allow for TCP port 3383, then the traffic allows RDP connections to VM1. https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#how-traffic-is-evaluated
upvoted 2 times
...
jamesej_2020
3 years, 8 months ago
i tested it in the lab. i added a new inbound security rule in NSG-VM1 that is attached to nic with Priority of 101 and I was able to RDP.
upvoted 1 times
jamesej_2020
3 years, 8 months ago
Therefore the given answer is correct
upvoted 3 times
...
...
...
kumardeb
3 years, 9 months ago
100 is for UDP new rule is for TCP
upvoted 2 times
...
HazemYousry
3 years, 9 months ago
The existing rule on the VM " priority 100" is allow but for UDP Solution is to add a new rule on both Subnet and VM - even if priority is 101, it doesn't conflict with the existing One "both ar allow" The weird thing is the work "Internet source" - nothing called internet in source drop down list, it is either Any, IP, ..etc
upvoted 1 times
jamesej_2020
3 years, 8 months ago
i added another inbound rule with priority 101 in the nsg-vm1 and I was able to connect via rdp.
upvoted 2 times
...
...
...
tashakori
Most Recent 2 weeks, 1 day ago
Correct
upvoted 1 times
...
Ozguraydin
3 years, 2 months ago
Answer is NO. You need to add a outbound rule to NSG-Subnet1 to access RDP.
upvoted 1 times
...
[Removed]
3 years, 10 months ago
It will allow connection since we have allowed at VNet level
upvoted 2 times
...
zakhanz
3 years, 10 months ago
Answer is correct!
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...