Exam AZ-303 topic 1 question 33 discussion

Actual exam question from Microsoft's AZ-303
Question #: 33
Topic #: 1

HOTSPOT -
You have an Azure subscription that contains a resource group named RG1.
You have a group named Group1 that is assigned the Contributor role for RG1.
You need to enhance security for the virtual machines in RG1 to meet the following requirements:
✑ Prevent Group1 from assigning external IP addresses to the virtual machines.
✑ Ensure that Group1 can establish a Remote Desktop connection to the virtual machines through a shared external IP address.
What should you use to meet each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: Azure Policy -
There is a built-in policy in the Azure Policy service that allows you to block public IPs on all NICs of a VM.
Note: Azure Policy is a powerful tool in your Azure toolbox. It allows you to enforce the specific governance principles you want to see implemented in your environment. Some key examples of what Azure Policy allows you to do are:

✑ Automatically tag resources
✑ Block VMs from having a public IP
✑ Enforce specific regions
✑ Enforce VM size

Box 2: Azure Bastion -
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal.
Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without any exposure through public IP addresses.
Incorrect Answers:
Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network.
Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service Endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.
Reference:
https://blog.nillsf.com/index.php/2019/11/02/using-azure-policy-to-deny-public-ips-on-specific-vnets/
https://azure.microsoft.com/en-us/services/azure-bastion/
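
As an added illustration of Box 1 (not part of the original question or its suggested answer), a custom Azure Policy definition modeled on the built-in rule that denies network interfaces with an attached public IP. The display name and description are constructed; assigning it at the scope of RG1 is assumed from the question.

```json
{
  "properties": {
    "displayName": "Deny public IPs on network interfaces (added example)",
    "description": "Constructed example: denies any NIC whose IP configuration references a public IP address. Intended to be assigned at the scope of resource group RG1.",
    "policyType": "Custom",
    "mode": "All",
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/networkInterfaces"
          },
          {
            "not": {
              "field": "Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id",
              "notLike": "*"
            }
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

The rule matches a NIC when any of its IP configurations has a `publicIpAddress.id` set, so both creating a NIC with a public IP and attaching one later are denied. The Contributor role excludes `Microsoft.Authorization/*/Write`, so Group1 cannot remove or alter the policy assignment.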

Comments

Chuck_Strut
Highly Voted 3 years, 11 months ago
the second box in my exam was load balancer not bastion
upvoted 8 times
TSMRE
3 years, 11 months ago
Load Balancers work too with NAT rules
upvoted 6 times
...
17Master
3 years, 4 months ago
But there is no such option
upvoted 1 times
...
...
sanketh123
Highly Voted 3 years, 9 months ago
Does bastion provide an external IP address?
upvoted 5 times
mpellizzon
3 years, 7 months ago
No, it does not. It provides a private IP address. WAF should be the correct one.
upvoted 3 times
JayBee65
3 years, 3 months ago
WAF is most definitely not the correct answer. I think it must have been April Fools' Day when you answered!
upvoted 1 times
...
17Master
3 years, 4 months ago
Check Azure Bastion values: https://docs.microsoft.com/en-us/azure/bastion/quickstart-host-portal
upvoted 1 times
...
...
JayBee65
3 years, 3 months ago
It uses an external address.
upvoted 1 times
...
17Master
3 years, 4 months ago
Azure Bastion values: https://docs.microsoft.com/en-us/azure/bastion/quickstart-host-portal
upvoted 1 times
...
...
Suwani
Most Recent 3 years, 4 months ago
Answer is correct
upvoted 1 times
...
quantumray
3 years, 5 months ago
Question appeared On AZ-303 exam on 08/12/2021 - 49 questions, 4Q - Fabrikan case study
upvoted 1 times
...
resq4u
3 years, 5 months ago
The answer is correct. For the second part, Bastion is the correct answer: although the VMs don't require public IPs, the Bastion server does require a public IP to which clients can connect.
upvoted 2 times
...
poplovic
3 years, 7 months ago
Bastion is the correct answer for (2). The shared external IP address is the public IP address of Bastion.
upvoted 2 times
...
chris009
3 years, 7 months ago
Wrong answer. should be Azure policy and WAF
upvoted 2 times
JayBee65
3 years, 3 months ago
WAF??? For RDP. That makes no sense, please explain.
upvoted 1 times
...
...
syu31svc
3 years, 8 months ago
Answer is correct. Policy to prevent assignment and Bastion for RDP.
upvoted 3 times
...
Rens19991
3 years, 9 months ago
Load balancer or Azure WAF for Box 2
upvoted 2 times
...
goTEXANS
3 years, 10 months ago
https://docs.microsoft.com/en-us/azure/bastion/vnet-peering Azure Bastion works with the following types of peering: Virtual network peering: Connect virtual networks within the same Azure region. Global virtual network peering: Connecting virtual networks across Azure regions.
upvoted 1 times
...
sreejit4u2003
3 years, 11 months ago
Answer is Correct
upvoted 1 times
...