Learn how to effectively manage Azure security policies across multiple subscriptions. Discover the right approach to deploying policy definitions to enhance your cloud security.
Table of Contents
Question
Note: scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Explanation
Creating a policy definition and assignments that are scoped to resource groups does not meet the goal of deploying the policy definitions as a group to all three subscriptions. A policy definition is a rule that defines the desired configuration of your resources, and a policy assignment is the application of a policy definition to a scope, such as a subscription or a resource group. However, if you create a policy definition and assignment that are scoped to resource groups, you will only apply the policy to the resources within those groups, not to the entire subscriptions. Moreover, you will have to create and assign the policy definition separately for each resource group, which is not efficient or consistent.
A better solution is to create a policy initiative and assign it to a management group that contains all three subscriptions. A policy initiative is a collection of policy definitions that are grouped together towards a specific goal or purpose. A management group is a container that helps you organize your subscriptions and apply governance controls, such as policies, at a large scale. By creating a policy initiative and assigning it to a management group, you can deploy the policy definitions as a group to all three subscriptions in one step, and ensure that they are enforced consistently across your resources.
The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
