ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 6 question 8 discussion

Actual exam question from Microsoft's AZ-500
Question #: 8
Topic #: 6
[All AZ-500 Questions]

SIMULATION
-

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: Gp0Ae4@!Dg
-

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041
-

You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1.

To complete this task, sign in to the Azure portal.

Show Suggested Answer Hide Answer
Suggested Answer:
by liorh at June 4, 2023, 9:58 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
golitech
2 months, 3 weeks ago
my idea: To minimize the attack surface of VM1 while allowing RDP connections from the internet, the best solution would be to use Azure Bastion. Azure Bastion allows RDP access securely over the Azure internal network without exposing the VM to the public internet, thereby minimizing the attack surface. JIT would also be a good option for controlling inbound RDP access by allowing connections only when needed, but Azure Bastion provides a more seamless and secure access method without exposing RDP ports. Thus, Azure Bastion is the recommended solution.
upvoted 1 times
...
chema77
6 months, 2 weeks ago
I'd check NSGs in VNET and NIC. If no NSG, I would create one in the NIC to allow RDP from the Internet to the specific VM. Attack surface is minimum
upvoted 1 times
...
nExoR
8 months, 3 weeks ago
...and why not bastion?
upvoted 1 times
...
Strive_for_greatness_kc
1 year, 3 months ago
It should JIT or bastion but JIT allow to reduce the attack surface more than Azure Bastion. Creating just a network rules which allow inbound RDP from internet does not reduce the attack surface
upvoted 4 times
...
depp
1 year, 5 months ago
The question is broken but I think this is asking for Just in Time access?
upvoted 2 times
epomatti
1 year, 3 months ago
"Minimize the attack surface" means you only open port 3389, and no other port. JIT would fulfill a different requirement.
upvoted 1 times
5ec32f9
4 months, 2 weeks ago
JIT does not allow RDP connections, and the question said allow RDP access to the internet. the provided answer is correct. allow Port_3389
upvoted 1 times
...
pentium75
8 months, 4 weeks ago
Opening port 3389 to the whole Internet would surely NOT "minimize the attack surface".
upvoted 1 times
...
...
...
Yesvanth1
1 year, 10 months ago
Minimize the attack surface and expose to internet: so, I think using a service tag is better.
upvoted 3 times
...
liorh
1 year, 10 months ago
is it new question? should I configure it via NSG+name tags?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago