AZ-104 · Question #412
AZ-104 Question #412: Real Exam Question with Answer & Explanation
The correct answer is B: No. The NSG on the subnet does not allow inbound TCP 3389. NSGs deny all inbound traffic except from virtual network or load balancers. https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following resources: - A virtual network that has a subnet named Subnet1 - Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 - A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: Priority: 100 Source: Any Source port range: * Destination: * Destination port range: 3389 Protocol: UDP Action: Allow VM1 connects to Subnet1. NSG1-VM1 is associated to the network interface of VM1. NSG- Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You modify the custom rule for NSG-VM1 to use the internet as a source and TCP as a protocol. Does this meet the goal?
Options
- AYes
- BNo
Explanation
The NSG on the subnet does not allow inbound TCP 3389. NSGs deny all inbound traffic except from virtual network or load balancers. https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
Community Discussion
No community discussion yet for this question.