Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft Exam AZ-104 Topic 14 Question 94 Discussion

Actual exam question for Microsoft's AZ-104 exam
Question #: 94
Topic #: 14
[All AZ-104 Questions]

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to user on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Reuben at May 02, 2024, 06:41 PM

Limited Time Offer

25%

Off

Get Premium AZ-104 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Harris
But wouldn't removing the public IP addresses from the virtual machines also prevent RDP access from the Internet?
upvoted 0 times
...
Golda
Modifying the address space of the local network gateway or Subnet1 doesn't really address the problem. We need to control access specifically to the RDP ports on the virtual machines.
upvoted 0 times
...
Sharmaine
2 days ago
I think we should create a deny rule in a network security group (NSG) that is linked to Subnet1.
upvoted 0 times
...
Camellia
5 days ago
Removing the public IP addresses seems like the easiest solution, but that would prevent the applications from being accessible to users on the internet. I think the network security group (NSG) approach is the way to go here.
upvoted 0 times
...

Save Cancel