Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft Exam AZ-104 Topic 14 Question 94 Discussion

Actual exam question for Microsoft's AZ-104 exam
Question #: 94
Topic #: 14
[All AZ-104 Questions]

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to user on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Reuben at May 02, 2024, 07:41 PM

Limited Time Offer

25%

Off

Get Premium AZ-104 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Ernest
4 days ago
This looks like a tricky one. I'll need to think through the requirements carefully to come up with the best solution.
upvoted 0 times
...
Hui
6 days ago
The question is asking about detecting families of malware, so I'm guessing the Ethos engine might be the best option since it focuses on identifying malware groups.
upvoted 0 times
...
Hoa
10 days ago
This looks like a tricky one. I'll need to think through the different agent criteria that could be used to prioritize them.
upvoted 0 times
...
Myong
14 days ago
I'm leaning towards option B because it includes the timeout, but the number 60 is throwing me off a bit.
upvoted 0 times
...
Carry
5 months ago
The key here is to find a solution that balances security and accessibility. Blocking RDP from the internet while still allowing the apps to be accessed is the right approach.
upvoted 0 times
Shawnta
3 months ago
B) Remove the public IP addresses from the virtual machines.
upvoted 0 times
...
Shawnta
4 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
Shawnta
4 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
...
An
5 months ago
Haha, imagine if the solution was to just change the RDP port to something random like 'port 12345'? That would really throw off any potential attackers!
upvoted 0 times
Bettye
4 months ago
Haha, that would definitely confuse them! But it's important to follow best practices for security.
upvoted 0 times
...
Levi
4 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Izetta
4 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
...
Rebbecca
5 months ago
A deny rule in the NSG linked to Subnet1 is definitely the way to go. That way, we can block RDP access from the internet while still allowing the applications to be accessed.
upvoted 0 times
Zona
4 months ago
I agree, creating a deny rule in the NSG will help secure the virtual machines.
upvoted 0 times
...
Norah
4 months ago
That sounds like the best solution to prevent RDP access from the Internet.
upvoted 0 times
...
Bonita
5 months ago
A deny rule in the NSG linked to Subnet1 is definitely the way to go.
upvoted 0 times
...
...
Sharmaine
6 months ago
That's true, but modifying the address space of Subnet1 might also be a viable option to restrict RDP access.
upvoted 0 times
...
Golda
6 months ago
Modifying the address space of the local network gateway or Subnet1 doesn't really address the problem. We need to control access specifically to the RDP ports on the virtual machines.
upvoted 0 times
Theron
5 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Bette
5 months ago
C) Modify the address space of Subnet1.
upvoted 0 times
...
Fabiola
5 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Rashad
5 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
Rory
5 months ago
B) Remove the public IP addresses from the virtual machines.
upvoted 0 times
...
Eladia
5 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
...
Harris
6 months ago
But wouldn't removing the public IP addresses from the virtual machines also prevent RDP access from the Internet?
upvoted 0 times
...
Sharmaine
6 months ago
I think we should create a deny rule in a network security group (NSG) that is linked to Subnet1.
upvoted 0 times
...
Camellia
6 months ago
Removing the public IP addresses seems like the easiest solution, but that would prevent the applications from being accessible to users on the internet. I think the network security group (NSG) approach is the way to go here.
upvoted 0 times
...

Save Cancel