Answer-first summary for fast verification
Answer: Apply an NSG with an outbound rule denying destination port 3389 to VM1's network interface.
The correct answer is A. To prevent VM1 from accessing VM2 on port 3389, you should create a network security group (NSG) with an outbound security rule that denies access to destination port 3389 and apply this NSG to the network interface of VM1. This ensures that any outbound traffic from VM1 targeting port 3389 on any destination will be blocked. Options B, C, and D do not specifically address the requirement: configuring Azure Bastion (Option B) won't restrict this specific traffic, and creating rules to deny source port 3389 (Options C and D) is incorrect because the source port in most cases is dynamically assigned and not equal to 3389.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a setup with VM1 and VM2 in Subnet1 of VNet1 running Windows Server, how do you restrict VM1's access to VM2 on port 3389?
A
Apply an NSG with an outbound rule denying destination port 3389 to VM1's network interface.
B
Set up Azure Bastion within VNet1.
C
Create an NSG with an outbound rule denying source port 3389 for Subnet1.
D
Implement an NSG with an inbound rule denying source port 3389 for Subnet1.
No comments yet.