Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Your company hosts several Windows Server VMs in a single Azure virtual network. Each VM currently has a public IP that allows direct RDP traffic on TCP 3389. The security team insists the RDP port must never be reachable from the internet, yet administrators must still start remote sessions from the Azure portal from any location. Which solution meets these requirements?

  • Deploy Azure Firewall and create DNAT rules that forward port 3389 only from approved administrator public IP addresses.

  • Configure an Azure Application Gateway with web application firewall (WAF) and route RDP traffic through the gateway.

  • Enable just-in-time VM access for the virtual machines in Microsoft Defender for Cloud.

  • Deploy Azure Bastion to the virtual network and remove the public IP addresses from the virtual machines.

Secure compute, storage, and databases