What are the key settings for allowing RDP traffic in Azure Network Security Groups?
Learn how to configure inbound security rules in Azure Network Security Groups. Understand the essential settings for allowing RDP traffic on port 3389, including source configurations, priority values, and security best practices for remote desktop access.
Question
What configuration is being set up in the “Add inbound security rule” panel, and what are the key settings applied?
A. An outbound security rule is being configured to deny all traffic to port 80.
B. An inbound security rule is being configured to allow all TCP traffic from a specific IP address.
C. An outbound security rule is being configured to allow SSH traffic to a specific destination port.
D. An inbound security rule is being configured to allow RDP traffic (port 3389) from any source, with a priority of 100.
Answer
D. An inbound security rule is being configured to allow RDP traffic (port 3389) from any source, with a priority of 100.
Explanation
The interface shows the “Service” set to “RDP,” which preselects TCP and destination port 3389, the “Source” set to “Any,” and the “Priority” set to “100.” For more information, please refer to the “Network Security Groups – Demo” lecture.
The configuration panel displays an inbound security rule being created with the following key settings:
Service Type: RDP
The rule is set to the RDP (Remote Desktop Protocol) service, which automatically sets the protocol to TCP and the destination port to 3389. This is the standard port used for remote desktop connections to Windows virtual machines.
Direction: Inbound
This rule controls incoming traffic to the virtual machine, not outgoing traffic. Inbound rules determine what external sources can initiate connections to resources within the subnet or network interface.
Source: Any
The source is configured as “Any,” meaning the rule permits RDP connection attempts from any IP address on the internet or within connected networks. This is a highly permissive setting that presents significant security risk in production environments: an internet-reachable RDP port is continuously scanned and subjected to password brute-forcing. Best practice is to restrict the source to specific IP addresses or ranges (such as your organization’s public egress IP or a VPN gateway), or to avoid exposing 3389 at all by reaching the VM through Azure Bastion or enabling Just-in-Time VM access so the port is opened only on request and only for the requester’s address.
Priority: 100
The priority value determines the order in which rules are evaluated. Lower numbers are processed first, and evaluation stops at the first rule whose direction, protocol, source, destination, and port match. Custom rules must use a unique priority between 100 and 4096 per direction, so a priority of 100 places this rule at the very front of the sequence. If a conflicting rule with a higher priority number (such as a Deny for the same traffic at 200 or 300) exists, this rule takes precedence and the conflicting rule is never reached. The three default inbound rules Azure adds to every NSG (AllowVNetInBound at 65000, AllowAzureLoadBalancerInBound at 65001, and DenyAllInBound at 65500) sit below every custom rule, so any RDP traffic this Allow rule does not match falls through to DenyAllInBound.
Action: Allow
The rule permits matching traffic rather than denying it, enabling RDP connections to reach the target virtual machine.
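To make the priority and source semantics above concrete, here is an added Python model of NSG inbound evaluation. It is example code written for this page, not Azure’s implementation: it walks custom rules plus the three documented default rules in ascending priority order, stops at the first match, and validates the 100–4096 range and uniqueness that Azure enforces. It compares the rule from the question (RDP from Any at priority 100) with a hardened version restricted to one source range, and shows that a Deny at priority 200 is never reached behind the Allow at 100. Destination prefixes and source ports are omitted, the only service tags modelled are VirtualNetwork and AzureLoadBalancer, and the IP addresses are constructed RFC 5737 documentation addresses.

```python
"""Model of Azure NSG inbound rule evaluation (added example, not Azure's own code).

Rules are walked in ascending priority order; the first rule whose protocol,
source and destination port match decides the outcome and evaluation stops.
Azure appends three default inbound rules (priorities 65000, 65001, 65500)
that cannot be deleted, and custom rules must use 100-4096, so any custom
rule outranks the defaults. Destination prefixes and source ports are left
out of this model for brevity.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

SERVICE_TAGS = {"VirtualNetwork", "AzureLoadBalancer"}  # only the tags the defaults use


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # 100-4096 for custom rules; lower numbers are evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp", "Icmp" or "*"
    source: str     # CIDR or single IP, "*" (Any) or a service tag from SERVICE_TAGS
    dest_port: str  # single port, "lo-hi" range or "*"


# Azure's built-in inbound defaults; they always sit below every custom rule.
DEFAULT_INBOUND = [
    Rule("AllowVNetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]


def _source_matches(rule_source: str, src_ip: str, src_tag: Optional[str]) -> bool:
    """Match the packet source against "*", a service tag, or an IP/CIDR."""
    if rule_source == "*":
        return True
    if rule_source in SERVICE_TAGS:
        return src_tag == rule_source
    return ip_address(src_ip) in ip_network(rule_source, strict=False)


def _port_matches(rule_port: str, port: int) -> bool:
    """Match a destination port against "*", a single port, or a "lo-hi" range."""
    if rule_port == "*":
        return True
    if "-" in rule_port:
        lo, hi = (int(p) for p in rule_port.split("-", 1))
        return lo <= port <= hi
    return int(rule_port) == port


def validate_rules(custom_rules: List[Rule]) -> List[str]:
    """Return the problems Azure would reject: priority out of range or duplicated."""
    problems = []
    seen = set()
    for r in custom_rules:
        if not 100 <= r.priority <= 4096:
            problems.append(f"{r.name}: priority {r.priority} outside 100-4096")
        if r.priority in seen:
            problems.append(f"{r.name}: duplicate priority {r.priority}")
        seen.add(r.priority)
    return problems


def evaluate_inbound(custom_rules: List[Rule], src_ip: str, dst_port: int,
                     protocol: str = "Tcp", src_tag: Optional[str] = None) -> Tuple[str, str]:
    """Return (access, rule_name) of the first matching rule, lowest priority number first."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if not _port_matches(rule.dest_port, dst_port):
            continue
        if not _source_matches(rule.source, src_ip, src_tag):
            continue
        return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches everything")


# The rule from the question: RDP (TCP/3389), Source Any, Priority 100, Allow.
OPEN_RDP = [Rule("AllowRDP", 100, "Allow", "Tcp", "*", "3389")]

# Hardened variant: identical except the source is pinned to one egress range.
# 198.51.100.0/24 and 203.0.113.0/24 are RFC 5737 documentation ranges used
# here as constructed sample addresses.
RESTRICTED_RDP = [Rule("AllowRDPFromCorp", 100, "Allow", "Tcp", "198.51.100.0/24", "3389")]

# A Deny added later at priority 200 never fires: the Allow at 100 matches first.
CONFLICTING = OPEN_RDP + [Rule("DenyRDP", 200, "Deny", "Tcp", "*", "3389")]


if __name__ == "__main__":
    print("open rule, internet host:  ", evaluate_inbound(OPEN_RDP, "203.0.113.5", 3389))
    print("restricted, internet host: ", evaluate_inbound(RESTRICTED_RDP, "203.0.113.5", 3389))
    print("restricted, corp host:     ", evaluate_inbound(RESTRICTED_RDP, "198.51.100.7", 3389))
    print("deny at 200 behind allow:  ", evaluate_inbound(CONFLICTING, "203.0.113.5", 3389))
    print("same VNet, port 22:        ", evaluate_inbound(OPEN_RDP, "10.0.0.4", 22, src_tag="VirtualNetwork"))
    print("validation:", validate_rules([Rule("Bad", 50, "Allow", "Tcp", "*", "3389")]))
```

Running the script shows the practical difference between the two rules: with Source Any, an arbitrary internet host reaches 3389; with the source pinned to 198.51.100.0/24, the same host falls through every custom rule and is dropped by DenyAllInBound, while a host inside that range is still admitted. The CONFLICTING set reproduces the precedence point from the Priority section, and validate_rules flags the two configuration mistakes the portal would refuse to save.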
Analysis of Incorrect Options
A. An outbound security rule is being configured to deny all traffic to port 80. This describes the opposite direction (outbound vs. inbound), wrong action (deny vs. allow), and wrong port (80 vs. 3389).
B. An inbound security rule is being configured to allow all TCP traffic from a specific IP address. While the direction is correct, the rule is specific to the RDP service (TCP port 3389), not all TCP traffic. Additionally, the source is “Any,” not a specific IP address.
C. An outbound security rule is being configured to allow SSH traffic to a specific destination port. This describes outbound traffic for SSH (port 22), whereas the actual configuration is for inbound RDP traffic (port 3389).