Exam SC-100 topic 2 question 6 discussion

CDE is the answer. https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop?tabs=azure Azure Virtual Desktop is a desktop and app virtualization service that runs on Azure. When an end user connects to an Azure Virtual Desktop environment, their session is run by a host pool. A host pool is a collection of Azure virtual machines that register to Azure Virtual Desktop as session hosts. These virtual machines run in your virtual network and are subject to the virtual network security controls. They need outbound Internet access to the Azure Virtual Desktop service to operate properly and might also need outbound Internet access for end users. Azure Firewall can help you lock down your environment and filter outbound traffic.

Why D over A? A seems to be better choice but most choosing D. Can someone explain pls?

Because A, B does not make sense at all.

I'm wondering Azure Active directory is now Entra ID on exam we see old naming convention or new one ?

ACE are correct answers here

This question is terrible. B could work to solve the latency issue...and MFA is explicitly stated as a requirement to migrate their existing firewall, but in the context of Zero Trust > latency I would go with E over B. CDE.

Correct.

This is a tricky one… Based on zero trust, minimizing latency, and keeping the existing firewall requirement in place; I’d go with C,D,E

A. Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges: This action will restrict access to the on-premises network and the Azure subscription to only specific logical groupings of IP address ranges. This helps ensure that only authorized traffic is allowed to access the resources. B. Deploy a Remote Desktop server to an Azure region located in France: This action will help reduce latency for developers by ensuring that they have a closer connection to the Remote Desktop server. This can be achieved by deploying the Remote Desktop server in an Azure region located in France. E. Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations: This action will help ensure that only authorized users are allowed to access the resources. Azure AD Conditional Access can be used to enforce MFA and restrict access based on named locations. This helps ensure that only authorized users are accessing the resources.

AI: To implement a modern security solution based on the Zero Trust model and minimize latency for developers, the following actions should be recommended: Migrate from the Remote Desktop server to Azure Virtual Desktop: Azure Virtual Desktop is a modern solution that allows users to securely access their virtual desktops and applications from any device, anywhere. By migrating from the on-premises Remote Desktop server to Azure Virtual Desktop, you can provide secure remote access to the virtual machines hosted in Azure without compromising on security.

CDE is perfect

why there is no option for bastion host?

CDE is appropriate

CDE IS CORRECT

CDE looks fine to me

same here.

Correct answer