SIMULATION - You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1. To complete this task, sign in to the Azure portal.
Suggested Answer: See the explanation below.
To enable the RDP port in an NSG, follow these steps:
1. Sign in to the Azure portal.
2. In Virtual Machines, select VM1.
3. In Settings, select Networking.
4. In Inbound port rules, check whether the port for RDP is set correctly.
The following is an example of the configuration:
It's best to configure it this way:
1. Create the VM in a private subnet
2. Create an Azure FW in another subnet
3. Then use NAT-GW to allow traffic from the internet to access the VM in the private subnet via the firewall
4. You can configure all rules to reduce the attack surface from the internet using the Azure Firewall
We're asked to "minimize the attack surface", and the JIT documentation explicitly mentions that JIT is about 'reducing the attack surface' while the Bastion documentation does not. As the questions tend to follow documentation rather than reality, I'd vote for JIT.
Exactly my thoughts as well. The key point is "Reduce attack surface". For any access to a VM (RDP port 3389, WinRM-PowerShell port 5895, 5986), if you need to reduce the attack surface you need to ensure only Azure AD authenticated users can request access.
So the best options would be either Bastion access or even better JIT access.
Why? They are both used for RDP access.
See these resources:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc
https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-vm-rdp-windows
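An added example, not part of the original page or its comments: a Python check for step 4 of the suggested answer, run over NSG inbound rules exported as JSON. It assumes the field names produced by `az network nsg rule list -o json` and treats anything beyond Tcp/3389 from the Internet as excess exposure; the function names and sample rules are constructed for illustration.

```python
RDP_PORT = 3389
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}  # sources that mean "anyone"

def _values(rule, single, plural):
    """NSG rules carry either a single value or a list; merge both forms."""
    merged = list(rule.get(plural) or [])
    if rule.get(single):
        merged.append(rule[single])
    return merged

def _port_spans(rule):
    """Destination ports as (low, high) pairs; '*' means every port."""
    spans = []
    for entry in _values(rule, "destinationPortRange", "destinationPortRanges"):
        low, _, high = ("0-65535" if entry == "*" else str(entry)).partition("-")
        spans.append((int(low), int(high or low)))
    return spans

def audit_rdp_exposure(rules):
    """Return (rdp_allowed, findings) for traffic arriving from the Internet."""
    rdp_allowed, findings = None, []
    for rule in sorted(rules, key=lambda r: r["priority"]):  # lowest number wins
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if rule["direction"] != "Inbound" or not any(
                s.lower() in INTERNET_SOURCES for s in sources):
            continue
        spans = _port_spans(rule)
        proto = rule["protocol"].lower()
        if rdp_allowed is None and proto in ("tcp", "*") and any(
                lo <= RDP_PORT <= hi for lo, hi in spans):
            rdp_allowed = rule["access"] == "Allow"  # first matching rule decides
        if rule["access"] != "Allow":
            continue
        if proto != "tcp":
            findings.append(f"{rule['name']}: protocol {rule['protocol']} is broader than Tcp")
        if spans != [(RDP_PORT, RDP_PORT)]:
            findings.append(f"{rule['name']}: exposes ports other than {RDP_PORT}")
    # No match means the default DenyAllInBound rule applies, so RDP is blocked.
    return bool(rdp_allowed), findings

# Constructed sample in the shape of `az network nsg rule list -o json`.
SAMPLE_RULES = [
    {"name": "Allow-Mgmt", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "3000-4000"},
    {"name": "Allow-RDP", "priority": 310, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
]

if __name__ == "__main__":
    print(audit_rdp_exposure(SAMPLE_RULES))
```

Findings are reported per Allow rule without checking whether an earlier Deny shadows it, so the output errs on the side of flagging.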