- 6 views
Exam
Answer confirmed
Question
You have an Azure virtual machine named VM1 that has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11. You use the computer for server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.
What should you configure?
Proposed answer
- A. an Azure Bastion host on the virtual network that contains VM1.
- B. a VPN connection to the virtual network that contains VM1.
- C. a private endpoint on the virtual network that contains VM1.
- D. a network security group (NSG) rule that allows inbound traffic on port 443.
Suggested answer
- D (48%)
- B (36%)
- A (15%)
Correct answer
The correct answer is B:
Management PC requirements
The management PC or other system that you use to connect to the Azure portal has the following requirements:
- The Microsoft Edge or Google Chrome web browser
- Access to the virtual network that's connected to the VM (this is more secure than using a public IP address to connect). There are many ways to connect to a virtual network, including by using a VPN gateway.
hchafloque
Highly Voted 1 year, 10 months ago
"You need to ensure that you can use Windows Admin Center from the Azure portal" - The portal use 443 port. No VPN required, the use is trough Portal, not RDP access. Answer, D.
upvoted 12 times
edykss
Highly Voted 2 years, 2 months ago
Answer is Correct
upvoted 9 times
Ksk08
Most Recent 1 week, 1 day ago
B. a VPN connection to the virtual network that contains VM1.
upvoted 1 times
Ksk08
4 weeks ago
Answer is A
upvoted 1 times
NicolaF
2 months, 1 week ago
no public ip so B is the correct answer. Private Endpoints allows you to access resources from Azure
upvoted 1 times
Mladen_66
5 months, 1 week ago
Selected Answer: B
If your target Azure VMs don't have public IPs, and you want to manage these VMs from a Windows Admin Center gateway deployed in your on-premises network, you need to configure your on-premises network to have connectivity to the VNet on which the target VMs are connected. There are 3 ways you can do this: ExpressRoute, Site-to-Site VPN, or Point-to-Site VPN. https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-azure-vms#connecting-to-vms-without-a-public-ip
upvoted 4 times
[Removed]
5 months, 3 weeks ago
Answer is C. The key word here is private IP address. C. Private endpoints allow you to access Azure services (such as VM1) over a private IP address within the virtual network. By configuring a private endpoint for VM1, you can securely manage it using Windows Admin Center from the Azure portal.
upvoted 1 times
Kuikz
7 months, 3 weeks ago
Selected Answer: B
I agree with B. https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm
upvoted 2 times
boapaulo
11 months, 1 week ago
Better, scenario is the Bastion in security, however if we look at cost, without a doubt the NSG releasing port 443.
upvoted 2 times
dolphan904
11 months, 1 week ago
The ON-PREM Windows 11 client is connecting to the Azure Portal which in turn then allows the admin to manage the Azure VM (VM1) via its extension. That connection happens inbound to the VM via PORT 443, therefore, you must allow inbound traffic for PORT 443 on the NSG attached to the VM or the subnet that is hosting it. The others make no sense here. You DO NOT need a VPN connection to manage an Azure resource via the Azure Portal. Nor should need to go to the trouble of putting one together to manage an Azure VM via the WAC tool. Its an HTTP tool. That is the whole point of using WAC.
upvoted 2 times
Bolo92
11 months, 4 weeks ago
valid 27.11.23
upvoted 3 times
RickySmith
1 year, 1 month ago
Selected Answer: D
None of these are correct. A. an Azure Bastion host on the virtual network that contains VM1. - No WAC involved. B. a VPN connection to the virtual network that contains VM1. - That will allow you to install WAC on the W11 device and manage the server, but that is not the question here. C. a private endpoint on the virtual network that contains VM1. - Again no WAC involved. D. a network security group (NSG) rule that allows inbound traffic on port 443. - This is the closest and yet not correct as per documentation at https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm#installing-in-a-vm Based on the above, I would mark D as the answer.
upvoted 3 times
SantaClaws
11 months, 3 weeks ago
WAC is not on port 443 by default. Also, the VM only has a private ip, so your workstation has no access without a vpn. So D is for sure wrong. The answer is B because there needs to be a VPN connection between the on-prem server and azure vm for you to access it at all. The best way of doing it is using a s2s vpn specifically if possible. https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm#management-pc-requirements
upvoted 3 times
windowsmodulesinstallerworker
1 year, 1 month ago
Selected Answer: B
The management PC or other system that you use to connect to the Azure portal has the following requirements: The Microsoft Edge or Google Chrome web browser Access to the virtual network that's connected to the VM (this is more secure than using a public IP address to connect). There are many ways to connect to a virtual network, including by using a VPN gateway.
upvoted 2 times
windowsmodulesinstallerworker
1 year, 1 month ago
The management PC or other system that you use to connect to the Azure portal has the following requirements: The Microsoft Edge or Google Chrome web browser Access to the virtual network that's connected to the VM (this is more secure than using a public IP address to connect). There are many ways to connect to a virtual network, including by using a VPN gateway.
upvoted 1 times
[Removed]
1 year, 2 months ago
It's B. S2S Connection.
upvoted 1 times
PXAbstraction
1 year, 3 months ago
Selected Answer: B
In my mind, this has to be B. You're connecting from on-prem to a server in Azure that only has a private IP address. Without a tunnel, the NSG isn't going to work as you're connecting to a private address in a different network.
upvoted 1 times
stormyR
1 year, 5 months ago
Selected Answer: D
• A. an Azure Bastion host on the virtual network that contains VM1. - Not the recommended procedure nor product for long term management. • B. a VPN connection to the virtual network that contains VM1. - most costly and secure approach • C. a private endpoint on the virtual network that contains VM1. - not recommended D. a network security group (NSG) rule that allows inbound traffic on port 443 - most agreeable
upvoted 6 times
fran199
1 year, 6 months ago
Selected Answer: D
D... Answer is Correct
upvoted 2 times
syu31svc
1 year, 8 months ago
Selected Answer: D
https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm Outbound internet access or an outbound port rule allowing HTTPS traffic to the WindowsAdminCenter and AzureActiveDirectory service tag Answer is D
upvoted 4 times
Burkidur
11 months ago
It says "outbound" (from VM), and the answer (D) says "inbound" (to VM).
upvoted 1 times
Duks
1 year, 8 months ago
Selected Answer: D
I would go with D. https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm
upvoted 1 times
sa66ath
1 year, 8 months ago
Selected Answer: A
Question refers to using Azure portal, so Bastion is required.
upvoted 5 times
nublit
2 months, 1 week ago
Correct. The Windows 11 machine is a distraction.
upvoted 1 times
sa66ath
1 year, 8 months ago
Question refers to using Azure portal, so Bastion is required.
upvoted 1 times
sa66ath
1 year, 9 months ago
Option B is partially correct, as a VPN connection to the virtual network that contains VM1 can enable you to connect to VM1 using its private IP address. This would allow you to access VM1 and manage it using Windows Admin Center from your on-premises computer running Windows 11. However, the question specifically asks for a solution that enables the use of Windows Admin Center from the Azure portal to manage VM1. A VPN connection to the virtual network does not enable this functionality as it only provides a secure connection between your on-premises computer and the virtual network. To enable the use of Windows Admin Center from the Azure portal, you need to use a private endpoint. This creates a private IP address within the virtual network that can be used to access Windows Admin Center securely over the Azure backbone network. This provides a more secure and scalable solution for managing VM1 from the Azure portal.
upvoted 2 times
Portman
1 year, 10 months ago
Based on this: https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm Correct answer is B
upvoted 3 times
Mahaendhiran
1 year, 10 months ago
Question is to " use Windows Admin Center from the Azure portal" to use from azure portal you need Azure Bastion. No direct access to VM required here. so the answer would be A
upvoted 4 times
BJack
1 year, 9 months ago
I agree...https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm
upvoted 3 times
BJack
1 year, 9 months ago
Sorry I've had a nightmare here. Firstly I responded to the wrong comment and secondly the info I supplied is incorrect. I just set this up, attempting to connect to a private IP address without a VPN is place and it didn't work. When attempting to connect the connection attempt came from my local browser, not the portal. So long story short, I'm going with D.
upvoted 2 times
BJack
1 year, 9 months ago
B not D!!!! What's wrong with me???
upvoted 5 times
hchafloque
1 year, 10 months ago
Similar to next question, 10th.
upvoted 2 times
jecawi9630
1 year, 11 months ago
Selected Answer: B
Has to be VPN. B is correct answer.
upvoted 3 times
[Removed]
2 years ago
Answer B seems to be correct, https://charbelnemnom.com/manage-windows-server-in-the-azure-portal-with-windows-admin-center/
upvoted 3 times