Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam

Which configuration must be set to ensure that only your account can use RDP to access the VMs?

• A. Configure NSGs to only allow certain IPs
• B. Enable public IP addresses on all VMs
• C. Use Azure Bastion for secure RDP
• D. Set up a jump box for RDP access

The correct answer is: Configure NSGs to only allow certain IPs

To ensure that only your account can use RDP (Remote Desktop Protocol) to access virtual machines (VMs) in Azure, configuring Network Security Groups (NSGs) to allow access from specific IP addresses is essential. NSGs act as virtual firewalls that control the inbound and outbound traffic to Azure resources. By allowing only certain IPs, you can restrict unauthorized users and limit RDP access to trusted endpoints such as your home or office network. This approach enhances security by minimizing potential attack vectors, as only requests originating from approved IP addresses will be permitted to reach the VMs via RDP. This is particularly important in a cloud environment where resources are often exposed to the public internet. While other choices may contribute to overall security or access management, they do not provide the same targeted control over IP access. For instance, enabling public IP addresses on VMs does not restrict access; it merely allows connectivity from anywhere, which could increase vulnerability. Using Azure Bastion can enhance security by providing a more controlled access point for RDP without exposing your VM directly to the internet, but it does not specifically limit access to your account alone. A jump box setup can provide a further layer of security, yet it also requires proper management to ensure that it effectively