Explanation:
The correct answer is D because the current configuration (0.0.0.0/0) exposes the port to the entire internet. Limiting access to known IP addresses effectively blocks unauthorized attempts while allowing legitimate users. Option A is incorrect as shutting down the instance is not a practical security measure. Option B is not viable since it would deny all access, including legitimate users. Option C is incorrect because the default RDP port cannot be altered.
Ultimate access to all questions.
No comments yet.
Your Windows server, operating on a custom network, has an allow firewall rule configured with an IP filter of 0.0.0.0/0 and a protocol/port of tcp:3389. Despite this, the instance logs reveal numerous connection attempts via RDP from various IP addresses, hinting at a potential brute force attack. What modification to the firewall rule could mitigate this issue while still permitting legitimate access?
A
Terminate the instance to prevent any further access attempts.
B
Block all traffic destined for port 3389 to immediately halt the attack.
C
Modify the instance to operate RDP on a non-standard port and adjust the firewall rule accordingly.
D
Restrict the IP address range in the filter to exclusively permit connections from recognized IP addresses.