You need to recommend a solution to meet the security requirements for the virtual machines.
What should you include in the recommendation?
You need to recommend a solution to meet the security requirements for the virtual machines.
What should you include in the recommendation?
To meet the security requirements for the virtual machines, the best solution is Azure Virtual Desktop. Azure Virtual Desktop (AVD) allows for the use of custom operating system images, which is a key requirement for the secure host needed for remote administration. This ensures that administrators can connect to a secure host that is tailored to specific security needs and configurations. While other options like Azure Bastion provide secure connections, they do not support the deployment from custom operating system images that AVD does.
The security requirement this question wants us to meet is "The secure host must be provisioned from a custom operating system image." https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-golden-image
Just coming back to this. I'd say you're wrong, sorry.\ Reasons: 1. Compliance requirements trumps all others and remote access connections need to be secure to meet HIPAA, so use of Azure Bastion most probably wins. 2. Azure Bastion doesn't support Azure Virtual Desktop: https://learn.microsoft.com/en-us/azure/bastion/bastion-faq#peering 3. You can deploy a custom image without needing AVD - what do you guys think a VM is exactly?
I agree that compliance requirements are the most important, but HIPAA or any compliance for that matter does not mandate use of Azure Bastion. As long as you are able to fulfil the security requirements using AVD, it should fit the bill. I would go for C option here.
It says "You need to recommend a solution to meet the security requirements for the virtual machines" ignore the other requirements such as HIPAA etc for this question
We need custom image so answer C is only correct. A yes, but this is in addition to Azure Virtual Desktop B no because custom image C yes D no, but needed for Jit
I totally agreed.
Obviously C here. The requirements state that the "jump box" must be running a custom image. Bastion is a fully managed non-customisanle PaaS product. The only answer that supports the requirement for a custom image is AVD.
“Administrators must connect to a secure host to perform any remote administration of the virtual machines. The secure host must be provisioned from a custom operating system image.” === Front the requirements, the second sentence would rule out bastion
I agree with PlumpyTumbler, if we need a custom image, we have to use AVD to provision it.
C is the answer. https://learn.microsoft.com/en-us/azure/virtual-desktop/create-custom-image-templates Custom image templates in Azure Virtual Desktop enable you to easily create a custom image that you can use when deploying session host virtual machines (VMs). Using custom images helps you to standardize the configuration of your session host VMs for your organization. Custom image templates are built on Azure Image Builder and tailored for Azure Virtual Desktop.
Gotten this in May 2023 exam.
I totally agree it's AVD because of the need for custom image.
By all accounts Bastion is for secure connections to host (win and linux) for admin and more purposes. Virtual desktop is not a security solution, but a workforce solution saving money and hassle, so not correct for this purpose. And if a custom VM is needed as the host to connect to other VMs from, then why not set up Bastion to connect to that custom admin VM only.
To meet the security requirements for the virtual machines, including allowing administrators to connect to a secure host for remote administration, you should recommend: B. an Azure Bastion host. Here's how this recommendation aligns with the requirements: Azure Bastion is a secure and managed jump server that allows you to connect to your virtual machines directly through the Azure portal over SSH or RDP. This ensures secure remote administration of the virtual machines. The requirement for administrators to connect to a secure host for remote administration is met by using Azure Bastion.
In the exam 29.05.2023
custom image is the key - hence will go for AVD
I think it's C. Reason: AVD can use custom images, and can host secure PAWs.
"Administrators must connect to a "secure host" to perform any remote administration of the virtual machines. The "secure host" must be provisioned from a custom operating system image." It is the "Secure Host" that must be provisioned from a custom operating system = locked down with minimum services = Bastion Host
Not sure that is the question : "Administrators must connect to a secure host to perform any remote administration of the virtual machines. The secure host must be provisioned from a custom operating system image." Is normaly intended to use a PAW station not an VDA station to make administration. Solution is for Dev not admins, so Bastion can respond I think.
Answer: C this is Azure Virtual Desktop Administrators must connect to a secure host to perform any remote administration of the virtual machines. The secure host must be provisioned from a custom operating system image.
Selected Answer: C "The secure host must be provisioned from a custom operating system image." https://www.youtube.com/watch?v=r-P-2lGzPFQ&list=PLQ2ktTy9rklhzzkSEZvDZT4QSIVUQZD-Y&index=9
I totally agreed with you guys here. AVD
we talk about ALL VMs. others comments re customer image is related to secure host ONLY. Therefore, its not applicable