ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 6 question 8 discussion

Actual exam question from Microsoft's AZ-500
Question #: 8
Topic #: 6
[All AZ-500 Questions]

SIMULATION
-

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: Gp0Ae4@!Dg
-

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041
-

You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1.

To complete this task, sign in to the Azure portal.

Show Suggested Answer Hide Answer
Suggested Answer:
by liorh at June 4, 2023, 9:58 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
chema77
2 months ago
I'd check NSGs in VNET and NIC. If no NSG, I would create one in the NIC to allow RDP from the Internet to the specific VM. Attack surface is minimum
upvoted 1 times
...
nExoR
4 months ago
...and why not bastion?
upvoted 1 times
...
Strive_for_greatness_kc
10 months, 3 weeks ago
It should JIT or bastion but JIT allow to reduce the attack surface more than Azure Bastion. Creating just a network rules which allow inbound RDP from internet does not reduce the attack surface
upvoted 4 times
...
depp
1 year, 1 month ago
The question is broken but I think this is asking for Just in Time access?
upvoted 2 times
epomatti
11 months, 1 week ago
"Minimize the attack surface" means you only open port 3389, and no other port. JIT would fulfill a different requirement.
upvoted 1 times
5ec32f9
22 hours, 29 minutes ago
JIT does not allow RDP connections, and the question said allow RDP access to the internet. the provided answer is correct. allow Port_3389
upvoted 1 times
...
pentium75
4 months, 1 week ago
Opening port 3389 to the whole Internet would surely NOT "minimize the attack surface".
upvoted 1 times
...
...
...
Yesvanth1
1 year, 5 months ago
Minimize the attack surface and expose to internet: so, I think using a service tag is better.
upvoted 3 times
...
liorh
1 year, 6 months ago
is it new question? should I configure it via NSG+name tags?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago