Home › Azure AZ-500 › cloudcomputing › az500networking › Which Microsoft Defender for Cloud feature lets …
Which Microsoft Defender for Cloud feature lets a security engineer OPEN management ports (3389 / 22 / 5985) on a VM only when needed and only from approved source IPs?
AJust-in-Time (JIT) VM Access
BPermanently-open RDP/SSH ports
CAzure DNS
DPublic-IP without NSG rules
Answer & Solution
Correct answer: A. Just-in-Time (JIT) VM Access
JIT VM access is Defender for Cloud's approval-gated port-opening (per AZ-500 §3 JIT). The others are insecure.
Related questions
Which Azure Virtual Network feature should a security engineer use to define custom routinWhich Azure tool should a security engineer use to capture and analyse VNet traffic flows Which Azure service lets a security engineer SSH or RDP into a VM through the Azure portalWhich Azure networking feature should a security engineer use to give an Azure storage accWhich Azure networking feature should a security engineer use to give a VM-hosted workloadWhich Azure DDoS protection tier should a security engineer recommend for an internet-faciWhich Azure global edge service should a security engineer use to protect a globally-distrWhich Azure service is the canonical L7 application gateway with built-in Web Application