Azure VM Remote Desktop Configuration | Exam AZ-104 Solution | Microsoft

Azure VM Remote Desktop Configuration

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following resources:

• A virtual network that has a subnet named Subnet1
• Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1
• A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections

NSG-Subnet1 has the default inbound security rules only.

NSG-VM1 has the default inbound security rules and the following custom inbound security rule:

• Priority: 100
• Source: Any
• Source port range: *
• Destination: *
• Destination port range: 3389
• Protocol: UDP
• Action: Allow

VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1.

You need to be able to establish Remote Desktop connections from the internet to VM1.

Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol.

Does this meet the goal?

Answers

Explanations

A. B.

A

The default port for RDP is TCP port 3389. A rule to permit RDP traffic must be created automatically when you create your VM.

Note on NSG-Subnet1: Azure routes network traffic between all subnets in a virtual network, by default.

https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-connection
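The scenario's rule sets can be checked with a small model of NSG inbound evaluation. This is an added example, not part of the original question or of any Azure tooling. It assumes service tags match by name only (real NSGs match address prefixes), and the name `Allow-RDP-TCP` and priority 110 for the proposed rule are assumed, since the question gives neither.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    source: str        # "*", "Any" or a service tag
    destination: str   # "*", "Any" or a service tag
    port: str          # "*" or a single port number
    protocol: str      # "*", "TCP" or "UDP"
    action: str        # "Allow" or "Deny"

# Azure's default inbound rules, present in every NSG.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "*", "Deny"),
]

def _match(field, value):
    # Simplification: tags compare by name instead of by address prefix.
    return field in ("*", "Any") or field == str(value)

def evaluate(custom_rules, src, dst, port, proto):
    """Return (action, rule name) of the first match, lowest priority number first."""
    for r in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (_match(r.source, src) and _match(r.destination, dst)
                and _match(r.port, port) and _match(r.protocol, proto)):
            return r.action, r.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

def inbound_allowed(subnet_rules, nic_rules, src, dst, port, proto):
    """Inbound traffic passes the subnet NSG first, then the NIC NSG; both must allow."""
    return all(evaluate(rules, src, dst, port, proto)[0] == "Allow"
               for rules in (subnet_rules, nic_rules))

# Custom rule from the question, and the rule the proposed solution adds.
UDP_3389 = Rule("Custom-UDP-3389", 100, "Any", "*", "3389", "UDP", "Allow")
TCP_3389 = Rule("Allow-RDP-TCP", 110, "Internet", "VirtualNetwork", "3389", "TCP", "Allow")

def rdp_from_internet(subnet_rules, nic_rules):
    return inbound_allowed(subnet_rules, nic_rules,
                           "Internet", "VirtualNetwork", 3389, "TCP")

before = rdp_from_internet([], [UDP_3389])                      # scenario as given
after = rdp_from_internet([TCP_3389], [UDP_3389, TCP_3389])     # rule on both NSGs
nic_only = rdp_from_internet([], [UDP_3389, TCP_3389])          # rule on NSG-VM1 only
```

With the rule on NSG-VM1 alone, the packet is still dropped by `DenyAllInBound` in NSG-Subnet1, which is why the solution names both NSGs.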

The proposed solution to add an inbound security rule to both NSG-Subnet1 and NSG-VM1 to allow connections from the internet source to the VirtualNetwork destination for port range 3389 and use the TCP protocol will not meet the goal of establishing Remote Desktop connections from the internet to VM1.

The current custom inbound security rule in NSG-VM1 allows Remote Desktop connections to VM1 using the UDP protocol on port 3389. However, the proposed solution suggests adding an inbound security rule that allows TCP traffic, which is not required for Remote Desktop connections to work. Additionally, the proposed rule is only added to the NSGs and not associated with any specific resource, so it will not achieve the goal of allowing Remote Desktop connections from the internet to VM1.

To enable Remote Desktop connections from the internet to VM1, the following steps can be taken:

  1. Update the custom inbound security rule in NSG-VM1 to use the TCP protocol instead of UDP protocol for port 3389.
  2. Add a new inbound security rule to NSG-VM1 that allows Remote Desktop connections from the internet. The rule should have the following properties:
    • Priority: Any value higher than the priority of the existing custom inbound security rule (for example, 110).
    • Source: Any or the specific public IP address(es) that will be used to connect to VM1.
    • Source port range: *
    • Destination: Any
    • Destination port range: 3389
    • Protocol: TCP
    • Action: Allow
  3. Ensure that VM1 has a public IP address associated with it. If it does not have a public IP address, create one and associate it with the network interface of VM1.
  4. Remove any existing inbound security rules in NSG-Subnet1 that may be blocking Remote Desktop connections to VM1.

By following the above steps, Remote Desktop connections can be established from the internet to VM1 while still maintaining network security using NSGs.