Practice Test 3 | Microsoft Azure Security Technologies | AZ-500 | Dumps | Mock Test
Your company has defined a set of virtual machines as part of its subscription. The company currently has Azure P2 Premium licenses for its users. They are using Microsoft Defender for Cloud
They want to enable Just in time access for the virtual machines. The company wants to ensure that the solution minimizes costs.
Which of the following Role-Based Access actions need to be allowed, for users, so can have just-in-time access to a virtual machine? Choose two answers from the options given below.
A. Microsoft.Security/locations/jitNetworkAccessPolicies/write
B. Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action
C. Microsoft.Compute/virtualMachines/write
D. Microsoft.Compute/virtualMachines/read
In this question, we have to decide two Role-Based Access actions that need to be allowed, from the given option, for a user that would request Just-in-time access to a virtual machine.
Answer — B and D
Option B is correct, because Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action is requires by user to access a JIT protected VM
Option D is Correct because Microsoft.Security/locations/jitNetworkAccessPolicies/read is also requiered for a user to access a JIT protected VM.
Option A is incorrect because Microsoft.Security/locations/jitNetworkAccessPolicies/write is required by the user for editing JIT policies for a VM.
Option C is incorrect Microsoft.Compute/virtualMachines/write is required by the user for editing JIT policies for a VM.
Explanation:
JIT stands for just in time access for a specific time period.
Threat actors actively hunt accessible VM machines, with open management ports. All of your virtual machines are potential targets for an attack. When a VM is successfully compromised. it’s used as the entry point to attack further resources within your environment.
As with all cybersecurity prevention techniques, our goal should be to reduce the attack surface. In this case, that means having fewer open ports, especially management ports.
On the other hand, legitimate users should be able to use the management port without any hassle.
To solve this dilemma, Microsoft Defender for Cloud offers JIT access. we can lock down the inbound traffic to our VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed by a legitimate user (A JIT and time-bound access to VM).
For more information, please see the following. 
Since this is given in the Microsoft documentation, all other options are incorrect.
For more information on just-in-time virtual machine access, one can visit the below URL-
Understanding just-in-time virtual machine access in Microsoft Defender for Cloud | Microsoft Learn
Comments are closed, but trackbacks and pingbacks are open.