Exam SC-100 topic 3 question 3 discussion

https://docs.microsoft.com/en-us/learn/modules/connect-vm-with-azure-bastion/2-what-is-azure-bastion

correct answer (so good job Guys!)

Deploy Azure Bastion: Azure Bastion is a secure and convenient way to access Azure VMs without exposing public IP addresses. It uses TLS encryption and firewall traversal for RDP connections, ensuring traffic security. By deploying Azure Bastion, you can connect to your VMs directly from the Azure portal using a web browser, eliminating the need for VPNs and minimizing costs. You can configure Azure Bastion for each virtual network or use a single instance for multiple virtual networks. Enable just-in-time VM access: By enabling just-in-time VM access, you can restrict RDP or SSH access to your VMs based on specific conditions (such as time window and source IP). This feature enhances security by reducing exposure to potential attacks. It allows authorized users to request access to VMs only when needed, minimizing the attack surface and adhering to the principle of least privilege

By deploying Azure Bastion to each virtual network and enabling JIT VM access on the virtual machines, you can provide the developers with secure and convenient access to the virtual machines over SSL from the Azure portal, while also meeting the requirements of preventing public IP exposure, avoiding the use of a VPN, and minimizing costs.

Exam 5/25/2023

AC is the answer. https://learn.microsoft.com/en-us/azure/bastion/vnet-peering Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don't have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional bastion host.

This seems the only logical combination.

Azure Bastion is deployed to a virtual network and supports virtual network peering. Specifically, Azure Bastion manages RDP/SSH connectivity to VMs created in the local or peered virtual networks. Note: Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software. Incorrect: Not B: Two Azure Bastions would increase the cos

Why not C and E? Because E costs more? It would be safer...

A and C is cost optimal solution

Perfect answer