Answer-first summary for fast verification
Answer: Restrict the IP address range in the filter to exclusively permit connections from recognized IP addresses.
The correct answer is **D** because the current configuration (0.0.0.0/0) exposes the port to the entire internet. Limiting access to known IP addresses effectively blocks unauthorized attempts while allowing legitimate users. **Option A** is incorrect as shutting down the instance is not a practical security measure. **Option B** is not viable since it would deny all access, including legitimate users. **Option C** is incorrect because the default RDP port cannot be altered.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your Windows server, operating on a custom network, has an allow firewall rule configured with an IP filter of 0.0.0.0/0 and a protocol/port of tcp:3389. Despite this, the instance logs reveal numerous connection attempts via RDP from various IP addresses, hinting at a potential brute force attack. What modification to the firewall rule could mitigate this issue while still permitting legitimate access?
A
Terminate the instance to prevent any further access attempts.
B
Block all traffic destined for port 3389 to immediately halt the attack.
C
Modify the instance to operate RDP on a non-standard port and adjust the firewall rule accordingly.
D
Restrict the IP address range in the filter to exclusively permit connections from recognized IP addresses.
No comments yet.