Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 15 Discussion
HOTSPOT You have an Azure subscription that contains 100 virtual machines. The virtual machines are accessed by using Azure Bastion. You need to recommend a solution to ensure that only specific users in specific locations can access the virtual machines. The solution must meet the following requirements: • Restrict access to the virtual machines based on an originating IP address or a connection request by using just-in-time (JIT) VM access network-based controls. • Restrict access to the virtual machines based on role-based access control (RBAC) role assignments by using JIT VM access authorization controls. Which Microsoft cloud services should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 
Azure Defender for JIT covers network and RBAC controls; Conditional Access isn’t needed here.
I’m thinking Azure Defender (formerly Security Center) for JIT VM access since it controls network-level and time-limited access, which hits the network-based control requirement. For RBAC controls, Azure Role-Based Access Control itself is the obvious choice since it manages who can request JIT access. Azure Bastion doesn’t do IP restrictions by itself, so relying on Defender for JIT plus RBAC seems right. Conditional Access might be overkill here since the question focuses on VM access controls rather than user authentication policies. So, Azure Defender + Azure RBAC would cover both parts o
This one’s tricky, need to think about how JIT ties into network and RBAC controls.