You need to allow RDP traffic from your office to a virtual machine on Azure. Which resource should you modify?

  1. Virtual Network Gateway
  2. Network Security Group (NSG) ✓
  3. Load Balancer
  4. Application Gateway

Correct answer: Network Security Group (NSG)

Option B is correct because a Network Security Group (NSG) is the Azure resource that contains inbound and outbound security rules controlling traffic to network interfaces, VMs, and subnets. To allow RDP (TCP port 3389) from a specific office IP, you add an inbound allow rule to the NSG associated with the VM's subnet or NIC. Option A is wrong because a Virtual Network Gateway is used for VPN or ExpressRoute connectivity between on-premises networks and Azure, not for filtering individual VM traffic. Option C is wrong because a Load Balancer distributes incoming connections across multiple backend VMs and is not designed to selectively permit or deny traffic based on source IP for a single VM. Option D is wrong because Application Gateway is an HTTP/HTTPS layer-7 load balancer and WAF solution, not a mechanism for allowing RDP (layer-4) traffic to individual VMs.

Topic: · azure, network security group, rdp, vm networking

Practice Microsoft Azure Administrator (AZ-104) Questions Free