Exam AZ-500 topic 4 question 22 discussion

A is correct. https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc Unsupported - VMs without JIT enabled and which don't support the feature. Your VM might be in this tab for the following reasons: Missing network security group (NSG) - JIT requires an NSG to be configured Classic VM - JIT supports VMs that are deployed through Azure Resource Manager, not 'classic deployment'. Learn more about classic vs Azure Resource Manager deployment models. Other - Your VM might be in this tab if the JIT solution is disabled in the security policy of the subscription or the resource group. Unsupported - VMs without JIT enabled and which don't support the feature. Your VM might be in this tab for the following reasons: Missing network security group (NSG) - JIT requires an NSG to be configured Classic VM - JIT supports VMs that are deployed through Azure Resource Manager, not 'classic deployment'. Learn more about classic vs Azure Resource Manager deployment models. Other - Your VM might be in this tab if the JIT solution is disabled in the security policy of the subscription or the resource group.

I love Bill Gates

To enable Just-In-Time (JIT) VM access for VM1, you should replace the Basic Load Balancer with an Azure Standard Load Balancer. JIT operates with network resources in Azure and ensures “deny all inbound traffic” rules exist for your selected ports in the network security group (NSG) and Azure Firewall rules. However, these rules are not supported by Azure Basic Load Balancer, hence the need to upgrade to a Standard Load Balancer. So, the correct answer is C. Replace the Basic Load Balancer with an Azure Standard Load Balancer.

In exam 1/28/24

A is correct , JIT requires NSG to be configured

A. Create and configure a network security group (NSG).

The answer is correct: JIT requires an NSG to be configured or a Firewall configuration (or both)

This question seems outdated. If there is Azure Firewall, NSG no longer mandatory. New Microsoft document on VMs that don't support JIT because: • Missing network security group (NSG) or Azure Firewall - JIT requires an NSG to be configured or a Firewall configuration (or both) Old Microsoft document on VMs that don't support JIT because: • Missing network security group (NSG) - JIT requires an NSG to be configured

A: NSG group is correct

A is correct

A is correct answer.

Exam - 4/11/21

Load balancer is misleading. NSG is the key component for JIT. you can always remote to backend server IP directly without pass thru load balancer without enforcing UDR to firewall (hub environment).

A is correct. either NSG or FireWall is required. see https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained

On exam, May 2021.

This is an important question and correct answer Load balancers connect directly to VM's NIC (not a subnet) so we cannot just assume in this question that an NSG has been created yet. 2nd piece of important info is JIT can only be enabled for an NSG - an NSG can only be applied for VM or Subnet (not the entire Vnet)

Enable JIT on your VMs - You can enable JIT with your own custom options for one or more VMs using Security Center, PowerShell, or the REST API. Alternatively, you can enable JIT with default, hard-coded parameters, from Azure virtual machines. When enabled, JIT locks down inbound traffic to your Azure VMs by creating a rule in your network security group.