New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-100 Exam - Topic 3 Question 67 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 67
Topic #: 3
[All SC-100 Questions]

You need to design a solution to provide administrators with secure remote access to the virtual machines. The solution must meet the following requirements:

* Prevent the need to enable ports 3389 and 22 from the internet.

* Only provide permission to connect the virtual machines when required.

* Ensure that administrators use the Azure portal to connect to the virtual machines.

Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer: D, E

https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.2 https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles


by Sherell at Jul 10, 2025, 01:51 AM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rozella
2 months ago
Not sure about JEA, does it really add that much security?
upvoted 0 times
...
Ira
2 months ago
I’d go with Azure VPN Gateway too, it’s secure and reliable.
upvoted 0 times
...
Johana
3 months ago
Wait, can we really avoid opening ports 3389 and 22? Sounds risky.
upvoted 0 times
...
Fernanda
3 months ago
I think enabling Just-in-Time (JIT) VM access is a must!
upvoted 0 times
...
Myrtie
3 months ago
Definitely agree, Azure Bastion is also a solid choice here.
upvoted 0 times
...
Barbra
3 months ago
I practiced a question similar to this where enabling Azure AD PIM was part of the solution. It might be useful for managing permissions effectively.
upvoted 0 times
...
Dierdre
4 months ago
I feel like Azure VPN Gateway might be relevant, but I can't recall if it specifically meets the requirement of using the Azure portal for access.
upvoted 0 times
...
Johna
4 months ago
I'm not entirely sure, but I think Just-in-Time VM access could help limit exposure by allowing connections only when needed.
upvoted 0 times
...
Raina
4 months ago
I remember studying about Azure Bastion and how it allows secure access without exposing RDP or SSH ports. That seems like a good option here.
upvoted 0 times
...
Garry
4 months ago
I've used Azure Bastion before, and I think that's the way to go. It provides a secure, browser-based RDP/SSH connection to the VMs without needing to open those ports. Combining that with JIT VM access should give us the control we need.
upvoted 0 times
...
Latia
4 months ago
The key here is to provide secure remote access without exposing those ports directly. Azure Bastion and JIT VM access both sound promising, so I'll focus on understanding how they can meet the requirements.
upvoted 0 times
...
Arlette
5 months ago
I'm a bit confused on the difference between Azure Bastion and JIT VM access. I'll need to review the details of each to determine the best approach.
upvoted 0 times
...
Lorriane
5 months ago
Okay, let's see. We need to prevent opening ports 3389 and 22 from the internet, only allow access when needed, and use the Azure portal for connections. I think Azure Bastion and JIT VM access might be the way to go.
upvoted 0 times
...
Denny
5 months ago
Hmm, this looks like a tricky one. I'll need to think through the requirements carefully to come up with the right solution.
upvoted 0 times
...
Malinda
7 months ago
I'd go with E) and D). Azure Bastion and just-in-time VM access - that's the dynamic duo of secure remote access. Boom, problem solved!
upvoted 0 times
...
Cherry
7 months ago
B) Configure Azure VPN Gateway? What is this, the 90s? Azure Bastion is where it's at, my friend. Keep those remote connections secure and simple.
upvoted 0 times
Evangelina
5 months ago
B) Configure Azure VPN Gateway? What is this, the 90s? Azure Bastion is where it's at, my friend. Keep those remote connections secure and simple.
upvoted 0 times
...
Erick
5 months ago
E) Configure Azure Bastion.
upvoted 0 times
...
Rolf
6 months ago
A) Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.
upvoted 0 times
...
...
Daron
7 months ago
I also think we should configure Azure Bastion for secure remote access.
upvoted 0 times
...
Tonette
7 months ago
C) Enable Just Enough Administration (JEA) sounds like a great idea. I bet that would really lock down the virtual machines and keep those administrators in check!
upvoted 0 times
Estrella
6 months ago
C) Enable Just Enough Administration (JEA) would definitely help in restricting access to the virtual machines.
upvoted 0 times
...
Miesha
7 months ago
D) Enable just-in-time (JIT) VM access.
upvoted 0 times
...
Luann
7 months ago
A) Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.
upvoted 0 times
...
...
Marcos
7 months ago
I agree with Arlyne, that would prevent the need to enable ports 3389 and 22 from the internet.
upvoted 0 times
...
Arlyne
7 months ago
I think we should enable just-in-time (JIT) VM access.
upvoted 0 times
...
Billye
8 months ago
A) and D) seem like a good combination. Privileged Identity Management and just-in-time VM access should give us the control and security we need.
upvoted 0 times
Lacey
7 months ago
Enabling Azure AD PIM roles and JIT VM access will definitely meet the requirements for secure remote access.
upvoted 0 times
...
Thurman
8 months ago
I agree, Privileged Identity Management and just-in-time VM access are essential for secure remote access.
upvoted 0 times
...
Virgina
8 months ago
A) and D) are the best options. They will help us control access and ensure security.
upvoted 0 times
...
...
Delsie
8 months ago
Definitely go with E) Configure Azure Bastion. That's the perfect solution to meet all the requirements, no need to expose RDP/SSH ports to the internet.
upvoted 0 times
Irene
7 months ago
Enabling Azure AD PIM roles as virtual machine contributors is also important, so A) should be included in the solution.
upvoted 0 times
...
Rutha
7 months ago
We should also include D) Enable just-in-time (JIT) VM access for additional security.
upvoted 0 times
...
Precious
8 months ago
I agree, E) Configure Azure Bastion is the way to go.
upvoted 0 times
...
...

Save Cancel