Azure Security Operations Engineer: Configuring Just-in-Time (JIT) Access for Azure VMs | Exam SC-200

Configuring Just-in-Time (JIT) Access for Azure VMs

Question

You are the Azure security operations engineer for your organization.

There are over 20 virtual machines (VMs) running in the Azure West Europe region.

There is a single virtual network (VNET) configured with three subnets.

Each subnet has a Network Security Group (NSG) assigned.

You need to configure Just-in-Time (JIT) access for all 20 VMs.

Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of possible actions to the answer area and arrange them in the correct order.

Create a list in the correct order.

A. Select Block all other access on VMs.

B. Enter the port numbers 22 SSH and 3389 RDP.

C. Select Just-in-Time VM Access.

D. Select each VM.

E. Select the Not configured tab.

F. Open the Security Center dashboard.

G. Select Enable JIT on VMs.

Answers

Explanations


Correct Answer: C

You should perform the following actions in order:

1. Open the Security Center dashboard.

2. Select Just-in-Time VM Access.

3. Select the Not Configured tab.

4. Select each VM.

5. Select Enable JIT on VMs.

You should first open the Security Center Dashboard.

This dashboard allows you to quickly view your current security posture and score and gives you deep analysis of your tenant from a security perspective.

When you open Security Center, it shows you different tiles including Policy & Compliance, Resource security hygiene, and threat protection, giving you recommendations to help improve your security score.

You should then select Just-in-Time VM Access.

You are given three tabs showing Configured, Not Configured, and Not Recommended VMs.

You should select the Not Configured tab.

This tab lists all VMs that do not yet have JIT access enabled on them.

Then you should select each VM and enable JIT by clicking on the Enable JIT on VMs button.

You should not enter the port numbers 22 SSH and 3389 RDP.

Although both ports are blocked by enabling JIT, you do not need to explicitly enter them.

They are blocked by default.

You should not click on Block all other access on VMs.

When JIT is enabled, access is blocked to the specified ports only.


The correct sequence of actions to configure Just-in-Time (JIT) access for all 20 virtual machines in Azure West Europe region is:

F. Open the Security Center dashboard.

C. Select Just-in-Time VM Access.

E. Select the Not Configured tab.

D. Select each VM.

G. Select Enable JIT on VMs.

Step-by-Step Explanation:

F. Open the Security Center dashboard: The first step is to open the Azure Security Center dashboard. This can be done by navigating to the Azure portal, selecting Security Center from the list of services, and then selecting the Security Center dashboard from the left-hand menu.

C. Select Just-in-Time VM Access: Once the Security Center dashboard is open, select Just-in-Time VM Access from the left-hand menu. This will open the Just-in-Time VM Access pane.

E. Select the Not Configured tab: Within the Just-in-Time VM Access pane, select the Not Configured tab. This tab displays a list of all the virtual machines that do not currently have JIT access configured.

D. Select each VM: For each virtual machine that requires JIT access, select the virtual machine from the list. This will open the JIT VM Access pane for that specific VM.

G. Select Enable JIT on VMs: Within the JIT VM Access pane, select Enable JIT on VMs. This will open the JIT VM Access configuration wizard. Follow the steps of the wizard to configure JIT access, including selecting the ports that require JIT access (in this case, port numbers 22 SSH and 3389 RDP) and setting the duration of the access window.

A. Select Block all other access on VMs: Once JIT access is configured for all required virtual machines, select Block all other access on VMs from the Just-in-Time VM Access pane. This will ensure that all access to the virtual machines is blocked except for the JIT access that has been configured.

Therefore, the correct sequence of actions is F, C, E, D, G, A.
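For 20 VMs the portal steps above can also be scripted. The following is an added example, not part of the original page: it enables JIT on every VM in the region with one policy per resource group. Assumptions: the Az.Compute and Az.Security modules are installed, the session is already signed in with Connect-AzAccount, and the wildcard source prefix and the `PT3H` maximum window are illustrative values.

```powershell
# Added example. Assumes Az.Compute and Az.Security are installed and the
# session is authenticated (Connect-AzAccount). Values below are illustrative.
$location = 'westeurope'   # region from the question
$ports    = 22, 3389       # SSH and RDP, the ports named on this page
$maxOpen  = 'PT3H'         # assumed maximum request window (ISO 8601 duration)

# A JIT policy named "default" is scoped to one resource group and region,
# and its VM list is submitted as a whole, so build one list per group.
$vms = Get-AzVM | Where-Object { $_.Location -eq $location }

foreach ($group in ($vms | Group-Object ResourceGroupName)) {
    $vmRules = foreach ($vm in $group.Group) {
        @{
            id    = $vm.Id
            ports = @(foreach ($p in $ports) {
                @{
                    number                     = $p
                    protocol                   = '*'
                    # '*' lets the requester choose the source at request
                    # time; replace with a management CIDR to restrict it.
                    allowedSourceAddressPrefix = @('*')
                    maxRequestAccessDuration   = $maxOpen
                }
            })
        }
    }

    Set-AzJitNetworkAccessPolicy -Kind 'Basic' -Location $location `
        -Name 'default' -ResourceGroupName $group.Name `
        -VirtualMachine @($vmRules)
}

# Check the result: list the resource IDs of VMs now covered by a JIT policy.
Get-AzJitNetworkAccessPolicy |
    ForEach-Object { $_.VirtualMachines.Id }
```

Because each call submits the complete VM list for its resource group, rerunning the script after adding VMs keeps the policy in step with the inventory.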