exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam

Exam AZ-800 topic 2 question 9 discussion

Actual exam question from Microsoft's AZ-800
Question #: 9
Topic #: 2
[All AZ-800 Questions]

You have an Azure virtual machine named VM1 that has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11. You use the computer for server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.
What should you configure?

  • A. an Azure Bastion host on the virtual network that contains VM1.
  • B. a VPN connection to the virtual network that contains VM1.
  • C. a private endpoint on the virtual network that contains VM1.
  • D. a network security group (NSG) rule that allows inbound traffic on port 443.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
hchafloque
Highly Voted 2 years, 2 months ago
"You need to ensure that you can use Windows Admin Center from the Azure portal" - The portal use 443 port. No VPN required, the use is trough Portal, not RDP access. Answer, D.
upvoted 12 times
...
edykss
Highly Voted 2 years, 6 months ago
Answer is Correct
upvoted 9 times
...
Opoveda
Most Recent 5 days, 4 hours ago
Selected Answer: A
Azure Bastion provides secure and seamless RDP and SSH connectivity to Azure VMs directly in the Azure portal, without requiring a public IP address on the VM. It allows you to manage VMs securely without exposing them to potential internet-based threats. This aligns with the scenario described in the question.
upvoted 1 times
...
ltkiller
1 month, 1 week ago
Selected Answer: B
VPN Connection: Setting up a Virtual Private Network (VPN) between your on-premises network and the Azure virtual network allows your on-premises computer to securely access resources within the Azure virtual network, including VM1. This is essential because VM1 has only a private IP address and is not directly accessible from the public internet. https://www.youtube.com/watch?v=GH-i6sOtyAo
upvoted 1 times
...
NoMedi
1 month, 2 weeks ago
Selected Answer: B
B: To use Windows Admin Center from the Azure portal to manage VM1, which has only a private IP address, you should configure a VPN connection to the virtual network that contains VM1. This option allows secure access to the private network where VM1 is located, enabling you to manage the VM using Windows Admin Center through the Azure portal. The other options are less suitable for this scenario: - Azure Bastion is primarily used for RDP and SSH connections, not specifically for Windows Admin Center. - A private endpoint is typically used for connecting to Azure PaaS services, not for managing VM. - An NSG rule allowing inbound traffic on port 443 alone would not provide the necessary connectivity from your on-premises network to the Azure virtual network.
upvoted 1 times
...
wazza47
3 months ago
Selected Answer: A
manage VM1 from the Azure portal using the Windows Admin Center, you need to ensure secure and accessible connectivity to the VM that has a private IP address. Among the provided options, the most suitable configuration is: A. an Azure Bastion host on the virtual network that contains VM1. Azure Bastion provides secure RDP and SSH connectivity to your virtual machines directly through the Azure portal. This eliminates the need for a public IP address, thereby ensuring security while allowing you to manage VM1 through the Windows Admin Center. Setting up an Azure Bastion host will enable you to access VM1 securely from the Azure portal, maintaining the principles of least privilege and secure management practices
upvoted 1 times
...
Ksk08
4 months ago
B. a VPN connection to the virtual network that contains VM1.
upvoted 1 times
...
Ksk08
4 months, 3 weeks ago
Answer is A
upvoted 1 times
...
NicolaF
6 months ago
no public ip so B is the correct answer. Private Endpoints allows you to access resources from Azure
upvoted 1 times
...
Mladen_66
9 months ago
Selected Answer: B
If your target Azure VMs don't have public IPs, and you want to manage these VMs from a Windows Admin Center gateway deployed in your on-premises network, you need to configure your on-premises network to have connectivity to the VNet on which the target VMs are connected. There are 3 ways you can do this: ExpressRoute, Site-to-Site VPN, or Point-to-Site VPN. https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-azure-vms#connecting-to-vms-without-a-public-ip
upvoted 4 times
...
[Removed]
9 months, 2 weeks ago
Answer is C. The key word here is private IP address. C. Private endpoints allow you to access Azure services (such as VM1) over a private IP address within the virtual network. By configuring a private endpoint for VM1, you can securely manage it using Windows Admin Center from the Azure portal.
upvoted 1 times
...
Kuikz
11 months, 2 weeks ago
Selected Answer: B
I agree with B. https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm
upvoted 2 times
...
boapaulo
1 year, 3 months ago
Better, scenario is the Bastion in security, however if we look at cost, without a doubt the NSG releasing port 443.
upvoted 2 times
...
dolphan904
1 year, 3 months ago
The ON-PREM Windows 11 client is connecting to the Azure Portal which in turn then allows the admin to manage the Azure VM (VM1) via its extension. That connection happens inbound to the VM via PORT 443, therefore, you must allow inbound traffic for PORT 443 on the NSG attached to the VM or the subnet that is hosting it. The others make no sense here. You DO NOT need a VPN connection to manage an Azure resource via the Azure Portal. Nor should need to go to the trouble of putting one together to manage an Azure VM via the WAC tool. Its an HTTP tool. That is the whole point of using WAC.
upvoted 2 times
...
Bolo92
1 year, 3 months ago
valid 27.11.23
upvoted 3 times
...
RickySmith
1 year, 5 months ago
Selected Answer: D
None of these are correct. A. an Azure Bastion host on the virtual network that contains VM1. - No WAC involved. B. a VPN connection to the virtual network that contains VM1. - That will allow you to install WAC on the W11 device and manage the server, but that is not the question here. C. a private endpoint on the virtual network that contains VM1. - Again no WAC involved. D. a network security group (NSG) rule that allows inbound traffic on port 443. - This is the closest and yet not correct as per documentation at https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm#installing-in-a-vm Based on the above, I would mark D as the answer.
upvoted 3 times
SantaClaws
1 year, 3 months ago
WAC is not on port 443 by default. Also, the VM only has a private ip, so your workstation has no access without a vpn. So D is for sure wrong. The answer is B because there needs to be a VPN connection between the on-prem server and azure vm for you to access it at all. The best way of doing it is using a s2s vpn specifically if possible. https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm#management-pc-requirements
upvoted 3 times
...
...
windowsmodulesinstallerworker
1 year, 5 months ago
Selected Answer: B
The management PC or other system that you use to connect to the Azure portal has the following requirements: The Microsoft Edge or Google Chrome web browser Access to the virtual network that's connected to the VM (this is more secure than using a public IP address to connect). There are many ways to connect to a virtual network, including by using a VPN gateway.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago