
Microsoft AZ-104 Exam - Topic 14 Question 94 Discussion

Actual exam question for Microsoft's AZ-104 exam
Question #: 94
Topic #: 14

You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.

The virtual machines host several applications that are accessible over port 443 to users on the Internet.

Your on-premises network has a site-to-site VPN connection to VNet1.

You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network.

You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accessed by the Internet users.

What should you do?

Suggested Answer: A

Contribute your Thoughts:

Chu
3 months ago
Modifying the address space won't solve the RDP issue, just saying.
upvoted 0 times
...
Jenelle
3 months ago
Wait, can we really just block RDP from the internet? Sounds risky!
upvoted 0 times
...
Elenora
4 months ago
Removing public IPs (option B) could work too, but might limit access.
upvoted 0 times
...
Kattie
4 months ago
Totally agree with D! Deny rules are essential for security.
upvoted 0 times
...
Shad
4 months ago
I think option D is the way to go. NSG rules can control access effectively.
upvoted 0 times
...
Oneida
4 months ago
This question seems similar to one we practiced about securing VMs. I think we had to create rules in NSGs to limit access, so D sounds familiar.
upvoted 0 times
...
Brock
5 months ago
I feel like modifying the address space of Subnet1 doesn't really address the RDP issue directly. So, I’m leaning towards option D as well.
upvoted 0 times
...
Freeman
5 months ago
I'm not entirely sure, but removing the public IPs could also restrict access. That might be option B, but then how would users access the apps?
upvoted 0 times
...
Stefany
5 months ago
I remember we talked about using NSGs to control traffic, so I think option D might be the right choice.
upvoted 0 times
...
Sharen
5 months ago
I'm pretty confident that the answer is to create a deny rule in an NSG linked to Subnet1. That should block the RDP access from the internet while still allowing the application access.
upvoted 0 times
...
Omega
5 months ago
Removing the public IP addresses from the VMs seems like it could work, but then how would the internet users access the applications? I'll need to double-check that option.
upvoted 0 times
...
Billi
5 months ago
Okay, I think I've got it. We need to prevent RDP access from the internet while still allowing access to the applications over port 443. Creating a deny rule in an NSG linked to Subnet1 should do the trick.
upvoted 0 times
...
Mirta
5 months ago
Hmm, I'm a bit confused about the difference between modifying the address space of the local network gateway versus Subnet1. I'll need to review those concepts.
upvoted 0 times
...
Ernest
5 months ago
This looks like a tricky one. I'll need to think through the requirements carefully to come up with the best solution.
upvoted 0 times
...
Hui
5 months ago
The question is asking about detecting families of malware, so I'm guessing the Ethos engine might be the best option since it focuses on identifying malware groups.
upvoted 0 times
...
Hoa
5 months ago
This looks like a tricky one. I'll need to think through the different agent criteria that could be used to prioritize them.
upvoted 0 times
...
Myong
5 months ago
I'm leaning towards option B because it includes the timeout, but the number 60 is throwing me off a bit.
upvoted 0 times
...
Carry
10 months ago
The key here is to find a solution that balances security and accessibility. Blocking RDP from the internet while still allowing the apps to be accessed is the right approach.
upvoted 0 times
Shawnta
8 months ago
B) Remove the public IP addresses from the virtual machines.
upvoted 0 times
...
Shawnta
9 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
Shawnta
9 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
...
An
10 months ago
Haha, imagine if the solution was to just change the RDP port to something random like 'port 12345'? That would really throw off any potential attackers!
upvoted 0 times
Bettye
9 months ago
Haha, that would definitely confuse them! But it's important to follow best practices for security.
upvoted 0 times
...
Levi
9 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Izetta
9 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
...
Rebbecca
10 months ago
A deny rule in the NSG linked to Subnet1 is definitely the way to go. That way, we can block RDP access from the internet while still allowing the applications to be accessed.
upvoted 0 times
Zona
9 months ago
I agree, creating a deny rule in the NSG will help secure the virtual machines.
upvoted 0 times
...
Norah
9 months ago
That sounds like the best solution to prevent RDP access from the Internet.
upvoted 0 times
...
Bonita
10 months ago
A deny rule in the NSG linked to Subnet1 is definitely the way to go.
upvoted 0 times
...
...
Sharmaine
11 months ago
That's true, but modifying the address space of Subnet1 might also be a viable option to restrict RDP access.
upvoted 0 times
...
Golda
11 months ago
Modifying the address space of the local network gateway or Subnet1 doesn't really address the problem. We need to control access specifically to the RDP ports on the virtual machines.
upvoted 0 times
Theron
10 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Bette
10 months ago
C) Modify the address space of Subnet1.
upvoted 0 times
...
Fabiola
10 months ago
D) Create a deny rule in a network security group (NSG) that is linked to Subnet1
upvoted 0 times
...
Rashad
10 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
Rory
10 months ago
B) Remove the public IP addresses from the virtual machines.
upvoted 0 times
...
Eladia
10 months ago
A) Modify the address space of the local network gateway.
upvoted 0 times
...
...
Harris
11 months ago
But wouldn't removing the public IP addresses from the virtual machines also prevent RDP access from the Internet?
upvoted 0 times
...
Sharmaine
11 months ago
I think we should create a deny rule in a network security group (NSG) that is linked to Subnet1.
upvoted 0 times
...
Camellia
11 months ago
Removing the public IP addresses seems like the easiest solution, but that would prevent the applications from being accessible to users on the internet. I think the network security group (NSG) approach is the way to go here.
upvoted 0 times
...
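
How the NSG deny rule discussed in the comments behaves under priority-ordered evaluation, as an added example that is not part of the original page or any Microsoft code. The address ranges, rule names and custom priorities are constructed, and service-tag resolution is simplified to the two tags used here.

```python
import ipaddress

# Constructed address plan (assumption, not given in the question).
VNET = ipaddress.ip_network("10.1.0.0/16")       # VNet1 address space
ONPREM = ipaddress.ip_network("192.168.0.0/16")  # on-premises space behind the site-to-site VPN

def in_tag(src, tag):
    """Simplified service-tag match: VPN-connected on-premises space counts as VirtualNetwork."""
    ip = ipaddress.ip_address(src)
    virtual_network = ip in VNET or ip in ONPREM
    if tag == "*":
        return True
    if tag == "VirtualNetwork":
        return virtual_network
    if tag == "Internet":
        return not virtual_network
    raise ValueError(f"unknown tag: {tag}")

# (priority, name, source tag, destination port or "*", action)
CUSTOM_RULES = [
    (100, "Allow-HTTPS-Internet", "Internet", 443, "Allow"),   # hypothetical rule name
    (200, "Deny-RDP-Internet", "Internet", 3389, "Deny"),      # hypothetical rule name
]
# NSG default inbound rules (AllowAzureLoadBalancerInBound, 65001, omitted for brevity).
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

def evaluate(src, port, rules):
    """Return (action, rule name): lowest priority number is checked first, first match wins."""
    for _prio, name, tag, rule_port, action in sorted(rules):
        if in_tag(src, tag) and rule_port in ("*", port):
            return action, name
    raise AssertionError("unreachable: DenyAllInBound matches every flow")
```

In this model, RDP from on-premises is never matched by the Internet-scoped deny and falls through to `AllowVnetInBound`, while an NSG that carries only the deny rule leaves Internet traffic on port 443 to `DenyAllInBound`, so the HTTPS allow rule has to exist alongside it.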
