Exam AZ-104 topic 5 question 113 discussion

Answer is correct. However, it will prevent VM1 from connecting to any machine using 3389, not just VM2

A: The rule works although it will prevent VM1 from connecting to anything on 3389 they way it is described in the question (no limit to the destination IP detailed). Configuring a Bastion will do nothing to prevent VM1 from accessing VM2 in anyway. C & D are wrong as they are SOURCE port Deny not destination port Deny. A connection to remote port of 3389 is not going to be from a source port of 3389 (especially if RDP is already listening on these VMs as that port will be unavailable as a source port), it could be any port in 1024-65535.

is correct, for individual VMs need to use network interface

A, is correct

A is correct

A is correct

D. Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1.

Correct Answer is A, however it will prevent VM1 from connecting using RDP not only to VM2 but to any other VM created...to my understanding is a poorly designed rule, but it will work.

A is the answer.

Correct Answer: A A. Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1. By creating an outbound security rule in a network security group (NSG) to deny destination port 3389, you can prevent VM1 from accessing port 3389 on VM2. By applying the NSG to the network interface of VM1, you can enforce the security rule specifically for VM1. This solution provides a centralized way to manage and enforce network security for VM1, and it helps to prevent unwanted access to port 3389 on VM2 from VM1. ***If it was D. "Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1" you could prevent access to port 3389 on VM2 from ANY SOURCE (including VM1). By applying the NSG to Subnet1, you can apply the security rule to both VM1 and VM2. The question asked "to prevent VM1 from accessing VM2 on port 3389", not from any source.

A is correct , if you appied NSG on the inbound ov VM2 no other vms will access it also as well , and here in the question he mentioned that you want to prevent VM1 means the action should be taken in VM1

D. Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1. To prevent VM1 from accessing VM2 on port 3389, you need to create an NSG with an inbound security rule that denies traffic from the source port 3389. Then you need to apply the NSG to Subnet1, which will block the traffic to all the virtual machines in the subnet.

A is correct. It will prevent connections from VM1 on port 3389 to any destination, including the other VM. Question does not say that VM1 should be able to access other VMs on this port so it's fine to block all outgoing connections.

A. Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.

Correct answer A