
AZ-500: Optimizing Azure Security Center Policy Management

Enhance your Azure security policy management across multiple subscriptions. Discover the most efficient way to deploy policy definitions to ensure top-notch security.

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a resource graph and an assignment that is scoped to a management group.
Does this meet the goal?

A. Yes
B. No

Answer

B. No

Explanation

Creating a resource graph and an assignment that is scoped to a management group does not meet the goal of deploying the policy definitions as a group to all three subscriptions. Azure Resource Graph is a service for querying information about your Azure resources through Azure Resource Graph Explorer or the Azure Resource Graph API. It can help you explore, analyze, and monitor your resources, but it cannot create or assign policy definitions.

A management group is a container that helps you organize your subscriptions and apply governance controls, such as policies, at a large scale. However, creating an assignment that is scoped to a management group does not by itself deploy the policy definitions as a group to the subscriptions within the management group. An assignment is the application of a policy definition or an initiative to a scope, such as a management group, subscription, resource group, or resource. An initiative is a collection of policy definitions that are grouped together toward a specific goal or purpose.

To deploy the policy definitions as a group to all three subscriptions, you need to create an initiative that contains the policy definitions that you want to apply, and then assign the initiative to a management group that contains all three subscriptions. This way, you can deploy the policy definitions as a group to all three subscriptions in one step, and ensure that they are enforced consistently across your resources.
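The two steps described above, sketched with the Azure CLI as an added example that is not part of the original question or explanation. The management group name, initiative name, and policy definition IDs are placeholder assumptions; by default the script only prints the commands, and it runs them when APPLY=1 is set.

```bash
#!/usr/bin/env bash
# Added example: group policy definitions into an initiative, then assign the
# initiative at management-group scope. All names are constructed placeholders.
set -eu

MG="mg-security"           # assumed management group holding the three subscriptions
INITIATIVE="sec-baseline"  # assumed initiative (policy set definition) name
# Placeholder policy definition IDs; replace with the definitions you use.
POLICY_IDS="
/providers/Microsoft.Authorization/policyDefinitions/<policy-definition-guid-1>
/providers/Microsoft.Authorization/policyDefinitions/<policy-definition-guid-2>
"

# Build the JSON array passed to `az policy set-definition create --definitions`.
initiative_definitions() {
  printf '['
  sep=''
  for id in $POLICY_IDS; do
    printf '%s{"policyDefinitionId":"%s"}' "$sep" "$id"
    sep=','
  done
  printf ']\n'
}

# Resource ID of a management group, used as the assignment scope.
mg_scope() { printf '/providers/Microsoft.Management/managementGroups/%s' "$1"; }

# Resource ID of an initiative defined at that management group.
initiative_id() {
  printf '%s/providers/Microsoft.Authorization/policySetDefinitions/%s' \
    "$(mg_scope "$1")" "$2"
}

# Execute only when APPLY=1; otherwise print the command for review.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

deploy() {
  # Step 1: the initiative groups the individual policy definitions.
  run az policy set-definition create --name "$INITIATIVE" \
    --management-group "$MG" --definitions "$(initiative_definitions)"
  # Step 2: one assignment at the management group covers every subscription in it.
  run az policy assignment create --name "${INITIATIVE}-assign" \
    --policy-set-definition "$(initiative_id "$MG" "$INITIATIVE")" \
    --scope "$(mg_scope "$MG")"
}

deploy
```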
