Free Microsoft Azure AZ-500 Actual Exam Questions - Question 8 Discussion
DRAG DROP You have an Azure subscription that contains the following resources: A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2. A virtual machine named VM1 that has only a private IP address and connects to Subnet1. You need to ensure that Remote Desktop connections can be established to VM1 from the internet. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order. 
I’d say start by creating and associating a public IP to VM1’s NIC, then modify the NSG to allow inbound TCP 3389, and finally check if any routing or firewall rules need updating for internet traffic.
Before opening ports, you have to make sure VM1 actually has a public IP, or else RDP from the internet won’t work. So assigning a public IP to VM1’s network interface makes sense first. Then, configuring the NSG to allow inbound on port 3389 is necessary to let the traffic through. Lastly, creating a NAT rule or appropriate routing ensures the traffic is correctly forwarded to VM1. Without the public IP and NSG change, creating routes or NAT alone won’t help since the VM wouldn’t be reachable from outside.
First, you need to add a public IP to VM1 so it’s reachable from the internet. Then, update the NSG to allow inbound RDP traffic on port 3389. Finally, set up the route or NAT to direct traffic correctly.
Is there any mention of assigning a public IP to VM1 or setting up a jump box? Without a public IP, RDP over internet won’t work directly. Also, is Network Security Group (NSG) configuration part of it?