Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Microsoft Exam AZ-104 Topic 14 Question 94 Discussion

Actual exam question for Microsoft's AZ-104 exam
Question #: 94
Topic #: 14
[All AZ-104 Questions]

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to user on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Reuben at May 02, 2024, 06:41 PM

Limited Time Offer

25%

Off

Get Premium AZ-104 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Carry
1 months ago
The key here is to find a solution that balances security and accessibility. Blocking RDP from the internet while still allowing the apps to be accessed is the right approach.
upvoted 0 times
Shawnta
3 days ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
...
An
2 months ago
Haha, imagine if the solution was to just change the RDP port to something random like 'port 12345'? That would really throw off any potential attackers!
upvoted 0 times
Bettye
5 days ago
Haha, that would definitely confuse them! But it's important to follow best practices for security.
upvoted 0 times
...
Levi
19 days ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Izetta
21 days ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
...
Rebbecca
2 months ago
A deny rule in the NSG linked to Subnet1 is definitely the way to go. That way, we can block RDP access from the internet while still allowing the applications to be accessed.
upvoted 0 times
Zona
9 days ago
I agree, creating a deny rule in the NSG will help secure the virtual machines.
upvoted 0 times
...
Norah
27 days ago
That sounds like the best solution to prevent RDP access from the Internet.
upvoted 0 times
...
Bonita
1 months ago
A deny rule in the NSG linked to Subnet1 is definitely the way to go.
upvoted 0 times
...
...
Sharmaine
2 months ago
That's true, but modifying the address space of Subnet1 might also be a viable option to restrict RDP access.
upvoted 0 times
...
Golda
2 months ago
Modifying the address space of the local network gateway or Subnet1 doesn't really address the problem. We need to control access specifically to the RDP ports on the virtual machines.
upvoted 0 times
Theron
1 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Bette
1 months ago
C) Modify the address space of Subnet1.
upvoted 0 times
...
Fabiola
1 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Rashad
1 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
Rory
2 months ago
B) Remove the public IP addresses from the virtual machines.
upvoted 0 times
...
Eladia
2 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
...
Harris
2 months ago
But wouldn't removing the public IP addresses from the virtual machines also prevent RDP access from the Internet?
upvoted 0 times
...
Sharmaine
2 months ago
I think we should create a deny rule in a network security group (NSG) that is linked to Subnet1.
upvoted 0 times
...
Camellia
2 months ago
Removing the public IP addresses seems like the easiest solution, but that would prevent the applications from being accessible to users on the internet. I think the network security group (NSG) approach is the way to go here.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77