
Microsoft Security Solutions Capabilities: How does Azure Bastion secure VM access without a public IP?

What is the key security benefit of using Azure Bastion for RDP or SSH?

Explore the primary security benefit of Azure Bastion. Understand how it provides secure RDP and SSH connections directly through the Azure portal, eliminating the need to expose your virtual machines to the public internet.

Question

What is the primary security benefit provided by Azure Bastion?

A. It eliminates the need to expose virtual machines to the public internet, providing a secure web-based connection.
B. It automatically grants direct public internet access to all virtual machines within a virtual network.
C. It primarily focuses on improving network speed and reducing latency for virtual machines.
D. It only provides detailed reports on virtual machine login activities without offering any security enhancements.

Answer

A. It eliminates the need to expose virtual machines to the public internet, providing a secure web-based connection.

Explanation

The lecture material explicitly states that Azure Bastion eliminates the need to expose VMs to the public internet, which is its primary security benefit. For more information, please refer to the “Azure DDoS and Bastion Service – Overview” lecture.

Azure Bastion is a fully managed Platform-as-a-Service (PaaS) offering that provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) connectivity to your virtual machines (VMs) directly through the Azure portal. Its primary security function is to act as a hardened jump server, broker, or proxy.

By deploying an Azure Bastion host into a virtual network, you can connect to any VM within that same or a peered virtual network without assigning a public IP address to the VM itself. The connection from your local machine to the Azure portal is protected by TLS, and the Bastion host then initiates the RDP/SSH session to the target VM’s private IP address. This architecture significantly reduces the attack surface because you no longer need to expose RDP (port 3389) or SSH (port 22) to the public internet, where they are frequent targets for brute-force attacks and vulnerability scans.
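The following audit script is an added example, not part of this Q&A or of any Microsoft tooling. It checks a VM inventory against the pattern described above (no public IP, no inbound 3389/22 from the internet, a Bastion subnet available) using a constructed data model: the `NsgRule` and `Vm` classes and the sample inventory are assumptions, not an Azure SDK schema, and only the `Internet` and `*` source tags are treated as internet-reachable.

```python
from __future__ import annotations
from dataclasses import dataclass, field

MGMT_PORTS = {22, 3389}               # SSH and RDP: the ports Bastion keeps off the internet
BASTION_SUBNET = "AzureBastionSubnet"  # Bastion must live in a subnet with exactly this name

@dataclass
class NsgRule:            # simplified inbound NSG rule (constructed model, not the Azure schema)
    access: str           # "Allow" or "Deny"
    priority: int         # lower number is evaluated first; the first match decides
    source: str           # "Internet", "*", "VirtualNetwork", ...; only the first two count as internet
    ports: set[str]       # destination ports as strings, "*" for any port

@dataclass
class Vm:
    name: str
    vnet: str
    public_ip: str | None
    nsg_rules: list[NsgRule] = field(default_factory=list)

def internet_exposed_ports(rules: list[NsgRule]) -> set[int]:
    """Management ports an internet client could reach through the VM's NSG."""
    exposed = set()
    for port in MGMT_PORTS:
        for r in sorted(rules, key=lambda x: x.priority):
            if r.source in ("Internet", "*") and ("*" in r.ports or str(port) in r.ports):
                if r.access == "Allow":
                    exposed.add(port)
                break  # the first matching rule settles this port, Allow or Deny
    return exposed

def audit(vms: list[Vm], vnets_with_bastion: set[str]) -> dict[str, list[str]]:
    """Map VM name -> findings; an empty list means the VM fits the Bastion pattern."""
    findings = {}
    for vm in vms:
        issues = []
        if vm.public_ip:
            issues.append(f"public IP {vm.public_ip} assigned")
        if exposed := internet_exposed_ports(vm.nsg_rules):
            issues.append(f"NSG allows inbound {sorted(exposed)} from the internet")
        if vm.vnet not in vnets_with_bastion:
            issues.append(f"no {BASTION_SUBNET} reachable from {vm.vnet}")
        findings[vm.name] = issues
    return findings

# Constructed inventory: web01 is exposed the old way, app01 is reachable only via Bastion.
SAMPLE_VNETS_WITH_BASTION = {"prod-vnet"}
SAMPLE_VMS = [
    Vm("web01", "legacy-vnet", "203.0.113.10", [NsgRule("Allow", 100, "Internet", {"3389"})]),
    Vm("app01", "prod-vnet", None, [NsgRule("Allow", 100, "VirtualNetwork", {"22", "3389"}),
                                    NsgRule("Deny", 65500, "*", {"*"})]),
]
```

Running `audit(SAMPLE_VMS, SAMPLE_VNETS_WITH_BASTION)` reports three findings for web01 and none for app01; the last rule on app01 mirrors the NSG default DenyAllInBound, which is what keeps the management ports closed to the internet while Bastion, sitting inside the virtual network, is still allowed in.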

Analysis of Incorrect Options

B. It automatically grants direct public internet access to all virtual machines within a virtual network. This is the opposite of Azure Bastion’s function. Its purpose is to prevent direct public access and provide a secure, brokered connection instead.

C. It primarily focuses on improving network speed and reducing latency for virtual machines. While the service is designed to be performant, its main value proposition is security through attack surface reduction, not network performance optimization.

D. It only provides detailed reports on virtual machine login activities without offering any security enhancements. This is incorrect. While Bastion’s diagnostic logs can be integrated with Azure Monitor to provide reports on session activity, its primary function is providing the secure connection itself. The connection method is the security enhancement; reporting is a secondary capability.
