Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam with our comprehensive quiz. Study with flashcards, multiple choice questions, and detailed explanations to ace your exam!

Practice this question and more.


How can Network Security Groups (NSGs) ensure access control for RDP to virtual machines?

  1. By blocking all public traffic

  2. By allowing access only from specific IP addresses

  3. By allowing RDP access on a different port

  4. By creating a separate management network

The correct answer is: By allowing access only from specific IP addresses

Your selection is indeed aligned with the correct approach to controlling access for Remote Desktop Protocol (RDP) to virtual machines using Network Security Groups (NSGs). Network Security Groups (NSGs) function as a set of security rules that permit or deny inbound and outbound traffic to resources in Azure. When it comes to RDP, which typically uses TCP port 3389, you can enhance security by restricting access solely to specific IP addresses. This means that only users accessing the virtual machine from those approved IP addresses will be able to establish an RDP session. This method significantly reduces the attack surface and improves the security posture of the VM by minimizing the chances of unauthorized access from unspecified or potentially malicious sources. While blocking all public traffic might seem like a security measure, it would prevent legitimate access via RDP entirely, making it infeasible for any remote management of the virtual machine. Allowing RDP on a different port does not effectively secure RDP access since if an attacker knows the port, they can still attempt unauthorized access. Finally, creating a separate management network could enhance overall network security but does not directly control RDP access; it complicates the network architecture without solving the specific problem of RDP access control.