Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
Your Windows server, operating on a custom network, has an allow firewall rule configured with an IP filter of 0.0.0.0/0 and a protocol/port of tcp:3389. Despite this, the instance logs reveal numerous connection attempts via RDP from various IP addresses, hinting at a potential brute force attack. What modification to the firewall rule could mitigate this issue while still permitting legitimate access?
Your Windows server, operating on a custom network, has an allow firewall rule configured with an IP filter of 0.0.0.0/0 and a protocol/port of tcp:3389. Despite this, the instance logs reveal numerous connection attempts via RDP from various IP addresses, hinting at a potential brute force attack. What modification to the firewall rule could mitigate this issue while still permitting legitimate access?
Explanation:
The correct answer is D because the current configuration (0.0.0.0/0) exposes the port to the entire internet. Limiting access to known IP addresses effectively blocks unauthorized attempts while allowing legitimate users. Option A is incorrect as shutting down the instance is not a practical security measure. Option B is not viable since it would deny all access, including legitimate users. Option C is incorrect because the default RDP port cannot be altered.