Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft Exam AZ-500 Topic 8 Question 71 Discussion

Actual exam question for Microsoft's AZ-500 exam
Question #: 71
Topic #: 8
[All AZ-500 Questions]

You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.

You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.

What should you configure?

Show Suggested Answer Hide Answer
Suggested Answer: A

Create an Azure Resource Manager service principal. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify a name and a role for the service principal, such as Contributor.

Grant permission to the service principal to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the service principal at the scope of the key vault or individual secrets.

Enable template deployment for the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to set theenabledForTemplateDeploymentproperty of the key vault to true.

Reference the secrets in the template by using their resource ID. You can use the listSecrets function to get the resource ID of a secret in the key vault. You need to specify the name of the key vault and the name of the secret as parameters.

Deploy the template by using Azure PowerShell, Azure CLI, or REST API. You can use the New-AzResourceGroupDeployment cmdlet, the az deployment group create command, or the Deployments - Create Or Update REST API to do this. You need to provide the template file or URI and any required parameters. You also need to provide the credentials of the service principal.


by Monte at Sep 19, 2024, 03:59 AM

Limited Time Offer

25%

Off

Get Premium AZ-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Francine
20 days ago
Haha, imagine if the answer was A) an Azure policy - that would be like putting a lock on a lock! Let's stick with the JIT solution, it's the most straightforward way to handle this requirement.
upvoted 0 times
...
Candida
24 days ago
D) an Azure Bastion host on VNET1 could be another good option, as it provides secure RDP access without exposing the VMs directly to the internet.
upvoted 0 times
Marge
4 days ago
B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud would be the best option to limit RDP connections to the virtual machines for a specific time period.
upvoted 0 times
...
...
Royal
27 days ago
I was also leaning towards the JIT VM access policy. It's a neat feature that allows you to control privileged access in a secure and auditable way.
upvoted 0 times
...
Lili
1 months ago
B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud seems like the right choice to control RDP access to the VMs for a limited time period.
upvoted 0 times
Janessa
20 days ago
B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud is the correct choice.
upvoted 0 times
...
...
Gearldine
2 months ago
I'm not sure about the answer. Maybe we should consider other options like D) an Azure Bastion host on VNET1.
upvoted 0 times
...
Omega
2 months ago
I agree with Genevieve. Configuring a JIT VM access policy would limit RDP connections to the virtual machines for a specific time period.
upvoted 0 times
...
Genevieve
2 months ago
I think the answer is B) a just in time (JIT) VM access policy in Microsoft Defender for Cloud.
upvoted 0 times
...

Save Cancel