Learn how to use Azure policy to enforce resource consistency and compliance by creating a policy definition that specifies the allowed locations for your resources and assigning it to the appropriate scope.
Question
Tradewind Traders has migrated its data and resources to Azure cloud services. They currently have multiple subscriptions and virtual networks across multiple regions. As part of their ongoing cloud implementation management is implementing a policy that limits the creation of additional Azure resources by administrators to a region based on their office location and country. Which of the following can be used to implement this policy?
A. Read-only lock
B. Reservation
C. Azure policy
D. Management Group
Answer
C. Azure policy
Explanation
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.
The correct answer is C. Azure policy.
Azure policy is a service in Azure that allows you to create, assign and manage policies that enforce rules and effects for your resources. You can use Azure policy to implement governance for resource consistency, regulatory compliance, security, cost and management.
In this scenario, Tradewind Traders wants to limit the creation of additional Azure resources by administrators to a region based on their office location and country. This is an example of resource consistency, as they want to ensure that their resources are deployed in a standardized and organized way. Azure policy can help them achieve this by creating a policy definition that specifies the allowed locations for their resources, and assigning it to the appropriate scope of resources, such as subscriptions or resource groups. The policy definition can also use parameters to customize the values for the allowed locations, such as “US East” or “UK South”. The policy effect can be set to “deny” to prevent the creation of resources that do not comply with the policy, or “audit” to log the violations for later review.
The other options are not correct because they do not help to implement the desired policy. A read-only lock is a mechanism that prevents any changes to a resource or resource group, such as deleting or modifying the resource. A reservation is a way to pre-pay for one or three years of a virtual machine, SQL database compute capacity, Azure Cosmos DB throughput, or other Azure resources to get a discounted rate. A management group is a container that helps you organize your subscriptions and apply governance controls, such as policies and role-based access control, at a large scale.
Microsoft Azure AI Fundamentals AI-900 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure AI Fundamentals AI-900 exam and earn Microsoft Azure AI Fundamentals AI-900 certification.
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
