Exam AZ-300 topic 1 question 46 discussion

Actual exam question from Microsoft's AZ-300
Question #: 46
Topic #: 1

SIMULATION -
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the "Next" button.
Note that you cannot return to the lab once you click the "Next" button. Scoring occurs in the background while you complete the rest of the exam.

Overview -
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start the lab by clicking the Next button.
You need to allow RDP connections over TCP port 3389 to VM1 from the Internet. The solutions must prevent connections from the Internet over all other TCP ports.
What should you do from the Azure portal?

Suggested Answer: See solution below.
Step 1: Create a new network security group
Step 2: Select your new network security group.

Step 3: Select Inbound security rules. Under Add inbound security rule, enter the following:
Destination: Select Network security group, and then select the security group you created previously.
Destination port ranges: 3389
Protocol: Select TCP

References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic

Comments

RRRN
Highly Voted 5 years, 5 months ago
Why is a new NSG required to be created? Can't the rule be added in the already assigned NSG inbound security rule?
upvoted 18 times
atulk
5 years, 4 months ago
I agree with RRRN. There is already a default NSG. Should just update it.
upvoted 8 times
...
...
TYT
Highly Voted 5 years, 1 month ago
Go to the VM, Networking, Add inbound Rule, TCP, 3389, Priority >100, Allow, Give a name and save. Do the same thing for Deny, TCP, All, 101, Give a name and Save.
upvoted 16 times
denkes
5 years ago
There is already a "deny by default with prio 65500". In case you add a deny with 101, you would also block port 389 from any sources. The lab states, block 3389 from internet. I would not add an additional "deny".
upvoted 3 times
...
...
sjsanthose
Most Recent 4 years, 9 months ago
The default port for RDP is 3389 over TCP. What else do we need to do?
upvoted 1 times
...
vmyilsamy
4 years, 10 months ago
Add rule to allow port 3389
upvoted 1 times
...
ravishankarj
4 years, 10 months ago
If one NSG is created for the network interface of the VM and another NSG is created for the subnet of the virtual network belonging to the VM, and both have contradictory rules, which rule will act on the VM?
upvoted 1 times
andyR
4 years, 9 months ago
NSG - subnet rule applied first
NSG - NIC rule applied last
upvoted 1 times
...
...
sinslam
4 years, 11 months ago
1. Add two new inbound rules (Allow and Deny) to the NSG of the VM if it has one. If the VM does not have an NSG, create one.
2. The rules must be explicit for the VM, as NSGs can be applied to other VMs, Subnets.
3. Create Allow Rule
   Source: Internet
   Port: Any
   Destination: IP address of VM
   Port: 3389
   Action: Allow
   Priority: 100 (or anything lower than the existing ones)
4. Create Deny Rule
   Source: Internet
   Port: Any
   Destination: IP address of VM
   Port: Any
   Action: Deny
   Priority: 101 (or anything higher than the allow rule)
upvoted 2 times
...
tundervirld
4 years, 11 months ago
There are three options:
- Search for the NSG and check whether it is used by the VM.
-- And add the inbound rule TCP, 3389, Priority >100, Allow.
- Or: If the NSG exists and isn't associated with the VM, assign it.
-- And add the inbound rule TCP, 3389, Priority >100, Allow.
- Or: Create an NSG in Networking; by default it denies all inbound traffic (DenyAllInBound).
-- And add the inbound rule TCP, 3389, Priority >100, Allow.
upvoted 1 times
...
krals
5 years, 3 months ago
Yes, you don't have to create an NSG anymore; it has been applied automatically. So the only thing you have to do is go to the VM and just add an Inbound Rule.
upvoted 5 times
...
NS
5 years, 8 months ago
Step 4: Now you have to connect your rules with the network interface or a subnet. In your NSG go to Settings, Network Interfaces, + Associate (or Settings, Subnets, + Associate) and choose the right NIC (or subnet).
upvoted 5 times
...
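
The priority and subnet/NIC questions raised in the comments above can be checked with a small model of NSG inbound evaluation. This is an added example, not part of the original discussion and not Microsoft's code; the rule names AllowRdpInternet, DenyTcpInternet and DenyTcpAny are hypothetical, and service tags are simplified to plain string labels.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int            # lower number is evaluated first
    source: str              # simplified service tag: "Internet", "VirtualNetwork" or "*"
    protocol: str            # "TCP", "UDP" or "*"
    ports: Optional[range]   # destination ports; None means any
    action: str              # "Allow" or "Deny"

# Azure's default inbound rules (AllowAzureLoadBalancerInBound, 65001, omitted here).
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", None, "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", None, "Deny"),
]

# Hypothetical rule names; values follow the comments above.
ALLOW_RDP = Rule("AllowRdpInternet", 100, "Internet", "TCP", range(3389, 3390), "Allow")
DENY_TCP_INTERNET = Rule("DenyTcpInternet", 101, "Internet", "TCP", None, "Deny")
DENY_TCP_ANY = Rule("DenyTcpAny", 101, "*", "TCP", None, "Deny")

def evaluate(nsg, source, protocol, port):
    """Return (action, rule name) for the first rule that matches, in priority order."""
    for r in sorted(list(nsg) + DEFAULTS, key=lambda r: r.priority):
        if (r.source in ("*", source) and r.protocol in ("*", protocol)
                and (r.ports is None or port in r.ports)):
            return r.action, r.name
    raise RuntimeError("unreachable: DenyAllInBound matches everything")

def inbound(subnet_nsg, nic_nsg, source, protocol, port):
    """Inbound traffic passes the subnet NSG first, then the NIC NSG; None = not associated."""
    for nsg in (subnet_nsg, nic_nsg):
        if nsg is not None and evaluate(nsg, source, protocol, port)[0] == "Deny":
            return "Deny"
    return "Allow"

if __name__ == "__main__":
    cases = [("Internet", "TCP", 3389), ("Internet", "TCP", 443), ("VirtualNetwork", "TCP", 389)]
    for label, nsg in [("allow only", [ALLOW_RDP]),
                       ("+ deny TCP from Internet", [ALLOW_RDP, DENY_TCP_INTERNET]),
                       ("+ deny TCP from any", [ALLOW_RDP, DENY_TCP_ANY])]:
        for c in cases:
            print(f"{label:26} {c} -> {evaluate(nsg, *c)}")
    # A subnet NSG with only default rules denies RDP before the NIC NSG is consulted.
    print(inbound([], [ALLOW_RDP], "Internet", "TCP", 3389))
```

In this model the extra deny at priority 101 changes nothing for Internet sources, because DenyAllInBound already catches them. A deny with source Any, however, also cuts off traffic from inside the virtual network that AllowVnetInBound would otherwise permit.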