AZ-104: Learn how to use Azure Policy and Management Groups for governance and compliance

Your company is going to implement Azure Policy to manage governance across multiple Azure subscriptions. You’re exploring how to use Azure policies, initiatives, and definitions for the different departments. You’re researching how management groups can support your business scenarios.

The finance team requests that resources and billing be categorized by department, such as Marketing, Research, and Human Resources. They’d like billing consolidated across multiple resource groups and want to ensure all users comply with the solution.

Question 1

There are several Azure policies that need to be applied to a new branch office. What’s the best approach?

A. Create a management group
B. Create a policy initiative
C. Create a policy definition

Answer

B. Create a policy initiative

Explanation

A policy initiative is a set of policy definitions that could be applied to the new branch office.

A is incorrect. Azure management groups provide a way for an organization to control and manage access, compliance, and policies for its subscriptions within its tenant.
C is incorrect. A policy definition expresses what to evaluate and what actions to take. Every policy definition has conditions under which it’s enforced. The definition has an accompanying effect that takes place if the conditions are met. Policy definitions can be grouped into policy initiatives.

Question 2

To satisfy the finance team’s request for billing by department, multiple resource groups have been created and the resource tags applied. What’s the next step?

A. Create a management group
B. Create an Azure policy
C. Review the Azure Policy compliance page

Answer

B. Create an Azure policy

Explanation

An Azure policy can require that a resource tag is applied before the resource is created.

A is incorrect. Azure management groups provide a way for an organization to control and manage access, compliance, and policies for its subscriptions within its tenant.
C is incorrect. The Azure Policy compliance page shows non-compliant initiatives, non-compliant policies, and non-compliant resources. Checking the page is useful after a policy is created and scoped.

Question 3

How can you ensure that only cost-effective virtual machine SKU sizes are deployed?

A. Periodically inspect the deployment to see which SKU sizes are used
B. Create an Azure RBAC role that defines the allowed virtual machine SKU sizes
C. Create a policy in Azure Policy that specifies the allowed SKU sizes

Answer

C. Create a policy in Azure Policy that specifies the allowed SKU sizes

Explanation

There’s a built-in Azure policy to specify the allowed virtual machine SKU sizes. After the policy is enabled, it’s applied whenever a virtual machine is created or resized.

A is incorrect. Although this method could work, the process would be time-consuming and prone to errors.
B is incorrect. Azure RBAC roles can be used to determine who can create virtual machines, but the roles don’t necessarily reveal virtual machine SKU size.

Question 4

Which option can you use to manage governance across multiple Azure subscriptions?

A. Azure initiatives
B. Resource groups
C. Management groups

Answer

C. Management groups

Explanation

Management groups facilitate the hierarchical ordering of Azure resources into collections, at a level of scope above subscriptions. Distinct governance conditions can be applied to each management group, with Azure Policy and Azure role-based access controls, to manage Azure subscriptions effectively. The resources and subscriptions assigned to a management group automatically inherit the conditions applied to the management group.

A is incorrect. An Azure initiative is a collection of Azure policy definitions, or rules, that are grouped together to support a specific goal or purpose.
B is incorrect. A resource group is a container that holds related resources for an Azure solution.
