Microsoft Azure Architect Design (AZ-301) Practice Exam

Prepare for the Microsoft Azure Architect Design (AZ-301) Exam with interactive quizzes featuring flashcards and multiple-choice questions, each packed with hints and explanations to ace your certification test!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Which component is recommended for enabling access to Azure virtual machines on a specific TCP/IP management port?

  1. A site-to-site VPN

  2. A network security group (NSG)

  3. An Azure ExpressRoute connection

  4. A public IP address

The correct answer is: A network security group (NSG)

The recommended component for enabling access to Azure virtual machines on a specific TCP/IP management port is a network security group (NSG). An NSG is essential for controlling and filtering network traffic to and from Azure resources within a virtual network. It allows you to define rules that permit or deny traffic based on various criteria, including source and destination IP addresses, ports, and protocols. By configuring an NSG, you can create rules that specifically allow management traffic on designated TCP/IP ports, such as RDP (port 3389) for Windows virtual machines or SSH (port 22) for Linux virtual machines. This precise control enhances security by ensuring that only authorized traffic can reach your virtual machines while blocking any unwanted access.

In contrast, a site-to-site VPN and an Azure ExpressRoute connection are both methods for securely connecting on-premises networks to Azure, but they do not specifically manage traffic to the virtual machines themselves. A public IP address alone provides a route for external access to a resource but does not offer the granular control needed for managing access over specific ports, leaving it vulnerable if not secured properly.