Learn how to use Azure policy to enforce rules and effects for your Azure resources, such as preventing virtual machines from being created in certain resource groups.
Question
Tradewind Traders has migrated its data and resources to Azure cloud services. They currently have multiple subscriptions and virtual networks in place. As part of their ongoing cloud implementation management wants to have the ability to prevent virtual machines from being created in certain resource groups. Which of the following can be used to prevent VM’s being created in specific resource groups?
A. Azure policy
B. Lock
C. Azure role
D. Tag
Answer
A. Azure policy
Explanation
The correct answer is A. Azure policy.
An Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. In this question, we would create an Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group.
Azure policy is a service that allows you to create and assign policies that enforce rules and effects for your Azure resources. You can use Azure policy to prevent virtual machines from being created in certain resource groups by applying a policy definition that denies the creation of virtual machines at the resource group scope. For example, you can use the built-in policy definition named “Not allowed resource types” and specify “Microsoft.Compute/virtualMachines” as the value for the notAllowedResourceTypes parameter. This policy will block any attempt to create a virtual machine in the resource group where the policy is assigned. You can also create your own custom policy definitions to meet your specific requirements.
Locks, roles, and tags are not the correct choices because they do not provide the same functionality as Azure policy. Locks are used to prevent accidental or malicious deletion or modification of resources, but they do not prevent the creation of new resources. Roles are used to grant permissions to users, groups, service principals, and managed identities to perform actions on Azure resources, but they do not enforce rules or effects on the resources. Tags are used to organize and categorize your Azure resources based on metadata, but they do not prevent or allow any operations on the resources.
Microsoft Azure AI Fundamentals AI-900 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure AI Fundamentals AI-900 exam and earn Microsoft Azure AI Fundamentals AI-900 certification.
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
