Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-500 Exam - Topic 8 Question 71 Discussion

You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.What should you configure?
A) an Azure Active Directory (Azure AD) Privileged identity Management (PIM) role assignment.
B) a just in time (JIT) VM access policy in Azure Security Center
C) an azure policy assigned to RG1.
D) an Azure Bastion host on VNET1.

Microsoft AZ-500 Exam - Topic 8 Question 71 Discussion

Actual exam question for Microsoft's AZ-500 exam
Question #: 71
Topic #: 8
[All AZ-500 Questions]

You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.

You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.

What should you configure?

Show Suggested Answer Hide Answer
Suggested Answer: A

Create an Azure Resource Manager service principal. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify a name and a role for the service principal, such as Contributor.

Grant permission to the service principal to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the service principal at the scope of the key vault or individual secrets.

Enable template deployment for the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to set theenabledForTemplateDeploymentproperty of the key vault to true.

Reference the secrets in the template by using their resource ID. You can use the listSecrets function to get the resource ID of a secret in the key vault. You need to specify the name of the key vault and the name of the secret as parameters.

Deploy the template by using Azure PowerShell, Azure CLI, or REST API. You can use the New-AzResourceGroupDeployment cmdlet, the az deployment group create command, or the Deployments - Create Or Update REST API to do this. You need to provide the template file or URI and any required parameters. You also need to provide the credentials of the service principal.


by Monte at Sep 19, 2024, 03:59 AM

Limited Time Offer

25%

Off

Get Premium AZ-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
James
6 months ago
Definitely B, it’s the best practice for security!
upvoted 0 times
...
Mona
6 months ago
Wait, can you really limit RDP to just 60 mins?
upvoted 0 times
...
Junita
7 months ago
C doesn’t really fit the requirement here.
upvoted 0 times
...
Felton
7 months ago
I think A might be better for managing roles.
upvoted 0 times
...
Ceola
7 months ago
B is the way to go for JIT access!
upvoted 0 times
...
Mireya
7 months ago
I thought Azure Bastion was more about secure access without exposing VMs directly. Not sure if it fits this scenario though.
upvoted 0 times
...
Olive
8 months ago
I practiced a similar question before, and I feel like the JIT policy is definitely the right choice for controlling access time.
upvoted 0 times
...
Marshall
8 months ago
I'm not entirely sure, but I remember something about Azure AD Privileged Identity Management. Could that be relevant here?
upvoted 0 times
...
Sharika
8 months ago
I think we might need to look at the Just-In-Time VM access policy for this one. It sounds like it could limit RDP access to only when it's needed.
upvoted 0 times
...
Ammie
8 months ago
I'm leaning towards the Azure Bastion host solution. That would provide secure RDP access to the VMs without the need to open up RDP ports directly.
upvoted 0 times
...
Hubert
8 months ago
Based on the details provided, I believe the correct answer is to configure a just-in-time (JIT) VM access policy in Azure Security Center. This will allow the ServerAdmins to request temporary access to the VMs for a limited duration.
upvoted 0 times
...
Ronny
8 months ago
Hmm, I'm a bit confused. There are a few options here, and I'm not sure which one is the best approach to meet the specific requirements.
upvoted 0 times
...
Cherilyn
8 months ago
This question seems straightforward. I think the key is to focus on the requirement to limit RDP access to 60 minutes for the ServerAdmins group.
upvoted 0 times
...
Jospeh
8 months ago
Adding the link to a cloud-based bookmark service seems like the most organized approach. I remember a practice question like this.
upvoted 0 times
...
Francine
1 year ago
Haha, imagine if the answer was A) an Azure policy - that would be like putting a lock on a lock! Let's stick with the JIT solution, it's the most straightforward way to handle this requirement.
upvoted 0 times
...
Candida
1 year ago
D) an Azure Bastion host on VNET1 could be another good option, as it provides secure RDP access without exposing the VMs directly to the internet.
upvoted 0 times
Melissa
12 months ago
A) an Azure policy assigned to RG1 might not be the most effective solution for restricting RDP connections to the virtual machines within the specified time frame.
upvoted 0 times
...
Gerri
1 year ago
D) an Azure Bastion host on VNET1 could also work well for secure RDP access without exposing the VMs directly to the internet.
upvoted 0 times
...
Marge
1 year ago
B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud would be the best option to limit RDP connections to the virtual machines for a specific time period.
upvoted 0 times
...
...
Royal
1 year ago
I was also leaning towards the JIT VM access policy. It's a neat feature that allows you to control privileged access in a secure and auditable way.
upvoted 0 times
Tyisha
12 months ago
D) an Azure Bastion host on VNET1
upvoted 0 times
...
Mitsue
12 months ago
That's a good choice. JIT VM access policy can help restrict access to virtual machines for a limited time.
upvoted 0 times
...
Aliza
12 months ago
B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud
upvoted 0 times
...
...
Lili
1 year ago
B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud seems like the right choice to control RDP access to the VMs for a limited time period.
upvoted 0 times
Yun
12 months ago
I agree, using JIT access policy will help enhance security by restricting access for a specific time period.
upvoted 0 times
...
Kendra
12 months ago
That sounds like a good solution to limit RDP access to the virtual machines.
upvoted 0 times
...
Janessa
1 year ago
B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud is the correct choice.
upvoted 0 times
...
...
Gearldine
1 year ago
I'm not sure about the answer. Maybe we should consider other options like D) an Azure Bastion host on VNET1.
upvoted 0 times
...
Omega
1 year ago
I agree with Genevieve. Configuring a JIT VM access policy would limit RDP connections to the virtual machines for a specific time period.
upvoted 0 times
...
Genevieve
1 year ago
I think the answer is B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud.
upvoted 0 times
...

Save Cancel