You have an Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address.
The virtual machines host several applications that are accessible over port 443 to user on the Internet.
Your on-premises network has a site-to-site VPN connection to VNet1.
You discover that the virtual machines can be accessed by using the Remote
Desktop Protocol (RDP) from the Internet and from the on-premises network.
You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accesses by the Internet users.
What should you do?
A . Modify the address space of the local network gateway.
B . Remove the public IP addresses from the virtual machines.
C . Modify the address space of Subnet1.
D . Create a deny rule in a network security group (NSG) that is linked to Subnet1.
Answer: D
Explanation:
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Latest AZ-103 Dumps Valid Version with 369 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund