Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Your company deploys a Windows Server Azure virtual machine in a virtual network that has no public IP address. A new security baseline states that the VM must never receive direct inbound Internet traffic, but administrators working from home still need interactive RDP access over the Internet. Which solution meets the requirements with the least ongoing configuration effort?

  • Enable just-in-time VM access for port 3389 and allow trusted IP ranges.

  • Deploy Azure Bastion to the virtual network and launch the RDP session through the Azure portal.

  • Create an inbound NAT rule on an Azure Load Balancer that maps port 443 to port 3389 on the VM.

  • Assign a public IP address to the VM and restrict RDP with a Network Security Group source IP filter.

Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot