Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
-> A virtual network that has a subnet named Subnet1
-> Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
-> A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections
NSG-Subnet1 has the default inbound security rules only.
NSG-VM1 has the default inbound security rules and the following custom inbound security rule:
-> Priority: 100
-> Source: Any
-> Source port range: *
-> Destination: *
-> Destination port range: 3389
-> Protocol: UDP
-> Action: Allow
VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.
You need to be able to establish Remote Desktop connections from the internet to VM1.
Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the * destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1.
Does this meet the goal?
A.
B.
Answer: B
The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.
Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
No, the proposed solution does not meet the goal of allowing Remote Desktop connections from the internet to VM1.
The current custom inbound security rule in NSG-VM1 allows traffic on port 3389 using the UDP protocol. However, the proposed new inbound security rule in NSG-Subnet1 allows traffic on port 3389 using the TCP protocol. Therefore, the proposed new inbound security rule will not allow Remote Desktop connections to VM1.
Furthermore, removing NSG-VM1 from the network interface of VM1 will remove the custom inbound security rule that allows Remote Desktop connections. This means that even if the proposed new inbound security rule in NSG-Subnet1 were correctly configured, it would not allow Remote Desktop connections to VM1 because the necessary custom inbound security rule would be missing.
To meet the goal of allowing Remote Desktop connections from the internet to VM1, you should add an inbound security rule to NSG-VM1 that allows connections from the internet (by specifying the source IP addresses or ranges) to the destination IP address of VM1 on port 3389 using the TCP protocol. This will allow Remote Desktop connections to reach VM1 through the public IP address.