Microsoft Azure Security Technologies (AZ-500)

Which Azure service can provide enhanced security for applications accessing Azure resources from a virtual network?

• A. Azure Bastion
• B. Azure Security Center
• C. Network Security Groups (NSG)
• D. Azure Sentinel

The correct answer is: Azure Security Center

The correct service that provides enhanced security for applications accessing Azure resources from a virtual network is Azure Bastion. This service allows secure and seamless RDP and SSH connectivity to virtual machines in your virtual network without exposing them directly to the internet. By using Azure Bastion, you eliminate the need for a public IP address on your virtual machines, significantly reducing the attack surface and enhancing overall security. Azure Bastion operates within a virtual network and establishes a secure connection through SSL, ensuring that the data in transit is encrypted. This capability allows application developers and administrators to access their virtual machines securely and helps protect against threats like IP address exposure or unauthorized access. While Azure Security Center, Network Security Groups, and Azure Sentinel all play important roles in securing Azure resources, they have different primary functions. Azure Security Center focuses on providing unified security management and threat protection across Azure resources, while Network Security Groups (NSG) allow you to control inbound and outbound network traffic to and from Azure resources. Azure Sentinel is a cloud-native SIEM (Security Information and Event Management) solution that provides intelligent security analytics and threat intelligence. In summary, Azure Bastion directly enhances the security of applications accessing Azure resources from a virtual network by providing secure access without needing public exposure, which sets it