The security requirement this question wants us to meet is "The secure host must be provisioned from a custom operating system image."
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-golden-image
Just coming back to this. I'd say you're wrong, sorry.\
Reasons:
1. Compliance requirements trumps all others and remote access connections need to be secure to meet HIPAA, so use of Azure Bastion most probably wins.
2. Azure Bastion doesn't support Azure Virtual Desktop: https://learn.microsoft.com/en-us/azure/bastion/bastion-faq#peering
3. You can deploy a custom image without needing AVD - what do you guys think a VM is exactly?
It says "You need to recommend a solution to meet the security requirements for the virtual machines" ignore the other requirements such as HIPAA etc for this question
I agree that compliance requirements are the most important, but HIPAA or any compliance for that matter does not mandate use of Azure Bastion. As long as you are able to fulfil the security requirements using AVD, it should fit the bill. I would go for C option here.
We need custom image so answer C is only correct.
A yes, but this is in addition to Azure Virtual Desktop
B no because custom image
C yes
D no, but needed for Jit
the requirement to provision the secure host from a custom operating system image can still be met with Azure Bastion. Here's how:
Create a Custom Image: You can create a custom operating system image that includes all the necessary configurations and security settings for your secure host.
Provision the VM: Use this custom image to provision a virtual machine in Azure.
Deploy Azure Bastion: Set up Azure Bastion to provide secure RDP/SSH access to this VM.
"Administrators must connect to a "secure host" to perform any remote administration of the virtual machines. The "secure host" must be provisioned from a custom operating system image."
It is the "Secure Host" that must be provisioned from a custom operating system = locked down with minimum services = Bastion Host
Not sure that is the question : "Administrators must connect to a secure host to perform any remote administration of the virtual machines. The secure host must be provisioned from a custom operating system image." Is normaly intended to use a PAW station not an VDA station to make administration. Solution is for Dev not admins, so Bastion can respond I think.
Answer: C
this is Azure Virtual Desktop
Administrators must connect to a secure host to perform any remote administration of the virtual machines. The secure host must be provisioned from a custom operating system image.
By all accounts Bastion is for secure connections to host (win and linux) for admin and more purposes. Virtual desktop is not a security solution, but a workforce solution saving money and hassle, so not correct for this purpose.
And if a custom VM is needed as the host to connect to other VMs from, then why not set up Bastion to connect to that custom admin VM only.
Selected Answer: C
"The secure host must be provisioned from a custom operating system image."
https://www.youtube.com/watch?v=r-P-2lGzPFQ&list=PLQ2ktTy9rklhzzkSEZvDZT4QSIVUQZD-Y&index=9
To meet the security requirements for the virtual machines, including allowing administrators to connect to a secure host for remote administration, you should recommend:
B. an Azure Bastion host.
Here's how this recommendation aligns with the requirements:
Azure Bastion is a secure and managed jump server that allows you to connect to your virtual machines directly through the Azure portal over SSH or RDP. This ensures secure remote administration of the virtual machines.
The requirement for administrators to connect to a secure host for remote administration is met by using Azure Bastion.
C is the answer.
https://learn.microsoft.com/en-us/azure/virtual-desktop/create-custom-image-templates
Custom image templates in Azure Virtual Desktop enable you to easily create a custom image that you can use when deploying session host virtual machines (VMs). Using custom images helps you to standardize the configuration of your session host VMs for your organization. Custom image templates are built on Azure Image Builder and tailored for Azure Virtual Desktop.
Obviously C here. The requirements state that the "jump box" must be running a custom image. Bastion is a fully managed non-customisanle PaaS product. The only answer that supports the requirement for a custom image is AVD.
“Administrators must connect to a secure host to perform any remote administration of the virtual machines. The secure host must be provisioned from a custom operating system image.”
===
Front the requirements, the second sentence would rule out bastion
This section is not available anymore. Please use the main Exam Page.SC-100 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
PlumpyTumbler
Highly Voted 2 years, 9 months agoPeteNZ
2 years, 3 months agomacka2005
11 months, 2 weeks agoKallMeDan
2 years, 1 month agoJakeCallham
Highly Voted 2 years, 8 months agoadamsca
2 years, 3 months agopdnb
Most Recent 6 months, 1 week agojetnam
1 year, 3 months agoayadmawla
1 year, 4 months agoCharly80
1 year, 5 months agonExoR
1 year, 6 months agoConanBarb
1 year, 9 months agoslobav
1 year, 9 months agosherifhamed
1 year, 9 months agoCock
2 years agozellck
2 years, 1 month agozellck
2 years agoadamsca
2 years, 3 months agoTJ001
2 years, 5 months ago[Removed]
2 years, 6 months agoGurulee
2 years, 3 months agoXyz_40
2 years, 7 months agoBanzaaai
2 years, 8 months ago