You have an Azure subscription that contains the resources shown in the following table.
All the resources connect to a virtual network named VNet1.
You plan to deploy an Azure Bastion host named Bastion1 to VNet1.
Which resources can be protected by using Bastion1?
Azure Bastion is a service that provides secure and seamless RDP/SSH connectivity to virtual machines within a virtual network. It allows you to connect to the virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. Therefore, the primary resource that Azure Bastion can protect is the virtual machine (VM1). Web apps and Azure AD DS domains are not suitable for Azure Bastion access, as they do not require or utilize RDP/SSH connectivity for such management functions. Consequently, VM1 is the only resource that can be protected by using Bastion1.
Be aware when checking CyberKelev comments - I think he is a troll as most of the time he posts wrong answers. Always verify with other comments
A is the answer. https://learn.microsoft.com/en-us/azure/bastion/bastion-overview Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software.
correct answer A -- https://learn.microsoft.com/en-us/azure/bastion/bastion-overview
Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.
Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the out-side world, while still providing secure access using RDP/SSH. "Protection against port scanning : Your VMs are protected against port scanning by rogue and malicious users because you don't need to expose the VMs to the internet." https://learn.microsoft.com/en-us/azure/bastion/bastion-overview
I actually choose E (everything) when this came up on the exam even though I knew it only is for VM use. I thought Microsoft were trying to teach a lesson i.e. "by protecting the VM you also indirectly protect everything else sharing the same VNET". That's what happens when you overthink... (so right answer is very likely A)
Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer
A is correct
Using the word "protected" here is odd to me, but Bastion is a form of RDP, its only going to reach the VM. Answer is A.
E. VM1, App1, and contoso.com can all be protected by using Bastion1.
I guess F is the right answer
Get tf out here
Well, I think, you're wrong. Bastion is used for secure access to VMs and that's it.
go away, fake answer
E. VM1, App1, and contoso.com. Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP/SSH connectivity to the virtual machines within a virtual network. By deploying Bastion1 to VNet1, you can protect the access to all the resources connected to the virtual network, including VM1, App1, and contoso.com. Bastion1 provides a secure and streamlined way to access the virtual machines within VNet1 without the need to configure a public IP address or a VPN.
Bastion only connects to RDP and SSH in the back end. Neither a WebApp and a AD DS listen on 3389 or 22 (i.e. provide no services on these ports) so Bastion can't even connect to them, let alone protect them. Bastions protect VMs by allowing you to connect to them to manage them in a more secure way (i.e. RDP to Windows and SSH to Linux)