How can Network Security Groups (NSGs) ensure access control for RDP to virtual machines?
By blocking all public traffic
By allowing access only from specific IP addresses
By allowing RDP access on a different port
By creating a separate management network
The correct answer is: By allowing access only from specific IP addresses
Allowing access only from specific IP addresses is the correct approach to controlling Remote Desktop Protocol (RDP) access to virtual machines with Network Security Groups (NSGs). An NSG is a set of security rules that permit or deny inbound and outbound traffic to resources in Azure. RDP typically uses TCP port 3389, and you can enhance security by restricting access to that port solely to specific IP addresses. Only users connecting to the virtual machine from those approved IP addresses will be able to establish an RDP session. This significantly reduces the attack surface and improves the security posture of the VM by minimizing the chances of unauthorized access from unspecified or potentially malicious sources.

While blocking all public traffic might seem like a security measure, it would prevent legitimate access via RDP entirely, making remote management of the virtual machine infeasible.

Allowing RDP on a different port does not effectively secure RDP access, because an attacker who knows the port can still attempt unauthorized access.

Finally, creating a separate management network could enhance overall network security but does not directly control RDP access; it complicates the network architecture without solving the specific problem of RDP access control.