You need to ensure that users can access VM0. The solution must meet the platform protection requirements. What should you do?

QuestionsCategory: AZ-500You need to ensure that users can access VM0. The solution must meet the platform protection requirements. What should you do?
Admin Staff asked 4 months ago
You need to ensure that users can access VM0. The solution must meet the platform protection requirements.
What should you do?

A. Move VM0 to Subnet1.

B. On Firewall, configure a network traffic filtering rule.

C. Assign RT1 to AzureFirewallSubnet.

D. On Firewall, configure a DNAT rule.








 

Suggested Answer: A

Azure Firewall has the following known issue:
Conflict with Azure Security Center (ASC) Just-in-Time (JIT) feature.
If a virtual machine is accessed using JIT, and is in a subnet with a user-defined route that points to Azure Firewall as a default gateway, ASC JIT doesn't work.
This is a result of asymmetric routing ג€" a packet comes in via the virtual machine public IP (JIT opened the access), but the return path is via the firewall, which drops the packet because there is no established session on the firewall.
Solution: To work around this issue, place the JIT virtual machines on a separate subnet that doesn't have a user-defined route to the firewall.
Scenario:
 Reference Image
Following the implementation of the planned changes, the IT team must be able to connect to VM0 by using JIT VM access.
 Reference Image
References:
https://docs.microsoft.com/en-us/azure/firewall/overview

This question is in AZ-500 Exam
For getting Microsoft Azure Security Engineer Associate Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.