Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage an Azure subscription with a Windows Server VM named VM1. VM1 uses a public IP and an NSG rule that permits inbound RDP (TCP 3389) from the internet. A new policy requires removing the public IP and allowing administrators to launch RDP sessions to VM1 directly in the Azure portal via a web browser. Which action should you take?

  • Configure a private endpoint for VM1 and enable Private Link Service.

  • Create an Azure VPN gateway and require administrators to use a Point-to-Site VPN before connecting to VM1's private IP.

  • Deploy an Azure Bastion host in the virtual network and remove the inbound RDP rule from the NSG.

  • Enable just-in-time VM access for port 3389 on VM1 and restrict allowed source IP ranges.

Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot