Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-140 topic 4 question 22 discussion

Actual exam question from Microsoft's AZ-140
Question #: 22
Topic #: 4
[All AZ-140 Questions]

You have an on-premises network and an Azure subscription. The subscription contains the following:
✑ A virtual network
✑ An Azure Firewall instance
✑ An Azure Virtual Desktop host pool
The virtual network connects to the on-premises network by using a site-to-site VPN.
You need to ensure that only users from the on-premises network can connect to the Azure Virtual Desktop managed resources in the host pool. The solution must minimize administrative effort.
What should you configure?

  • A. a conditional access policy
  • B. an Azure Firewall rule
  • C. a network security group (NSG) rule
  • D. a user-defined route
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by bugdad at April 29, 2022, 7:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
bugdad
Highly Voted 2 years, 2 months ago
I think it should be A... AVD is accesable from anywhere
upvoted 5 times
Alessandro365
1 month, 3 weeks ago
correct, this is the point!! Answer A is correct
upvoted 1 times
...
...
Frankmmendoza
Most Recent 12 hours, 25 minutes ago
Selected Answer: C
Based on the requirement to restrict access to AVD resources to users from the on-premises network over a site-to-site VPN connection, configuring a network security group (NSG) rule is the correct and optimal solution. It effectively meets the security requirement while minimizing administrative effort, aligning with best practices for network security in Azure environments.
upvoted 1 times
...
MarineCellenza
2 months ago
Selected Answer: B
Correct answer it is B as there is already an Azure Firewall available. https://github.com/Azure/RDS-Templates/tree/master/AzureFirewallPolicyForAVD It could not be a Conditional Access Policy because the location is referring to public IPs not the private ranges you use on-prem. check this for more info: https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition
upvoted 1 times
...
ESAJRR
5 months, 2 weeks ago
Selected Answer: B
B. an Azure Firewall rule
upvoted 1 times
...
AKov77777
8 months ago
Selected Answer: B
B? https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop?tabs=azure
upvoted 2 times
...
Judith1969
8 months ago
B? Becasue there is a "An Azure Firewall instance" and question states "The solution must minimize administrative effort."
upvoted 1 times
...
Ishraj
10 months, 3 weeks ago
Selected Answer: B
It talks about AVD managed resources. It should be B
upvoted 1 times
...
picho707
12 months ago
The key piece of information here is "minimize administrative effort". I do think this is easier to do with CA policy as it gives the administrator more control of the VDI environment.
upvoted 1 times
...
Leocan
1 year, 1 month ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
upvoted 1 times
MarineCellenza
2 months ago
Correct answer it is B. in CAP the location is referring to public IPs not the private range you use on-prem check this for more info: https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition
upvoted 1 times
...
...
PXAbstraction
1 year, 6 months ago
Agreed, should be A. You could theoretically attain the same goal with B, but far less effectively and elegantly.
upvoted 3 times
...
Jakobss
1 year, 6 months ago
Selected Answer: A
To ensure that only users from the on-premises network can connect to the Azure Virtual Desktop managed resources in a host pool, you can use Azure Firewall to restrict access to the Azure Virtual Desktop resources. Azure Firewall allows you to control inbound and outbound network traffic to and from your Azure resources, including Azure Virtual Desktop resources.
upvoted 4 times
...
choy1977
1 year, 7 months ago
This must be A.. can't understand why b has been selected!
upvoted 1 times
picho707
12 months ago
This can be easily done with a single firewall rule.
upvoted 2 times
hawkens
2 weeks, 5 days ago
Identify the On-Premises Network IP Range Configure Azure Firewall Network Rules Ensure VPN Connectivity Step 1: Identify the On-Premises Network IP Range Step 2: Configure Azure Firewall Network Rules Navigate to the Azure Firewall instance in the Azure portal Go to the "Rules" tab and select "Network rule collection" Set the priority (lower numbers have higher priority) Choose "Allow" for the action In the rule collection, add a new rule Set the source address range to the CIDR block of your on-premises network Set the destination address range to the IP addresses of the AVD host pool or the virtual network subnet where the AVD resources reside Set the destination port ranges to the appropriate ports used by AVD (e.g., 3389 for RDP) Set the protocol to "Any" or specify the protocol used by AVD Save the rule collection and ensure it is active. Ensure that the site-to-site VPN connection between your on-premises network and the Azure virtual network is properly configured Check that routing is correctly set up
upvoted 1 times
...
...
...
Luc401
1 year, 11 months ago
Selected Answer: A
Should be A
upvoted 2 times
...
LeGluten
1 year, 12 months ago
Selected Answer: A
A for sure, https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
upvoted 3 times
...
pappkarcsiii
2 years ago
Selected Answer: A
A. a conditional access policy
upvoted 2 times
...
JohnYen
2 years ago
Should be A https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
upvoted 2 times
...
AnonymousJhb
2 years, 1 month ago
A. as per CAP location. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
upvoted 2 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours