SC-100 Question #290: Real Exam Question with Answer & Explanation

Question

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Serve1 that runs Windows Server 2022. You have an Azure subscription that is linked to a hybrid Microsoft Entra tenant and contains a user named User1. User1 works remotely. You need to ensure that User1 can establish RDP connections to Server1 via the internet. The solution must ensure that User1 authenticates by using multifactor authentication (MFA). What should you include in the solution?

Options

• AWindows Admin Center
• BMicrosoft Entra Internet Access
• CAzure Bastion
• DMicrosoft Entra Private Access

Explanation

{"question_number": 7, "correct_answer": "C", "explanation": "The correct answer is C: Azure Bastion. Azure Bastion provides secure, browser-based RDP and SSH connectivity over TLS (port 443) without requiring the target server to have a public IP address. When combined with hybrid connectivity (VPN Gateway or ExpressRoute) between Azure and the on-premises network, Azure Bastion can establish RDP sessions to on-premises servers like Server1. Access to the Azure portal (which hosts Bastion) is protected by Microsoft Entra authentication with Conditional Access enforcing MFA, satisfying the MFA requirement. Windows Admin Center (A) can provide remote management but does not natively enforce MFA for RDP. Entra Internet Access (B) is a Secure Web Gateway for internet-bound traffic, not for private RDP. Entra Private Access (D) provides Zero Trust Network Access to private resources but does not natively provide an RDP gateway experience with integrated MFA the way Bastion does via the Azure portal.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.