Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Microsoft Exam AZ-104 Topic 14 Question 94 Discussion

Actual exam question for Microsoft's AZ-104 exam
Question #: 94
Topic #: 14
[All AZ-104 Questions]

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to user on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Reuben at May 02, 2024, 06:41 PM

Limited Time Offer

25%

Off

Get Premium AZ-104 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Rebbecca
5 days ago
A deny rule in the NSG linked to Subnet1 is definitely the way to go. That way, we can block RDP access from the internet while still allowing the applications to be accessed.
upvoted 0 times
...
Sharmaine
13 days ago
That's true, but modifying the address space of Subnet1 might also be a viable option to restrict RDP access.
upvoted 0 times
...
Golda
14 days ago
Modifying the address space of the local network gateway or Subnet1 doesn't really address the problem. We need to control access specifically to the RDP ports on the virtual machines.
upvoted 0 times
Eladia
2 days ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
...
Harris
14 days ago
But wouldn't removing the public IP addresses from the virtual machines also prevent RDP access from the Internet?
upvoted 0 times
...
Sharmaine
16 days ago
I think we should create a deny rule in a network security group (NSG) that is linked to Subnet1.
upvoted 0 times
...
Camellia
19 days ago
Removing the public IP addresses seems like the easiest solution, but that would prevent the applications from being accessible to users on the internet. I think the network security group (NSG) approach is the way to go here.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77