Practice Test 2 | Microsoft Azure Security Technologies | AZ-500 | Dumps | Mock Test
View Case Study
The user whizlabusr8 has been assigned the Owner role for the resource groups – whizlabrg4, whizlabrg5, and whizlabrg6. In which of the following group/groups would the user be able to create virtual networks?
A. whizlabrg4 only
B. whizlabrg6 only
C. whizlabrg5 and whizlabrg6 only
D. whizlabrg4, whizlabrg5 and whizlabrg6
Answer – C
WhizlabRg1 has only Delete lock. Hence inside WhizlabRg1, VNet can be created.
Whizlabrg2 has Read-only Lock. Hence inside WhizlabRg2, VNet can not be created.
Whizlabrg3 has both ‘Read-only’ & ‘Delete’ Locks. Hence inside WhizlabRg3, VNet can not be created.
Whizlabrg4 has Allowed resource types: networkSecurityGroups. Hence inside WhizlabRg4, VNet can not be created. Inside WhizlabRg4 only NSG can be created.
Whizlabrg5
1. Not Allowed resource types: networkSecurityGroups: Means inside this resource group NSG can not be created.
2. Not Allowed resource types: virtualNetworks/subnets. This will not allow us to create any subnet. Hence from the Azure portal, we can create any VNet inside WhizlabRg5 with reason: when we create a VNet from azure portal, by default, a sunet is created. But we can create a VNet without any subnet from CLI or PowerShell.
Means inside Whizlabrg5, a VNet can be created.
Whizlabrg6 has Not Allowed resource types ‘virtualNetworks/virtualNetworkPeerings’. By this policy, a VNet peering can not be created but no restriction to create a VNet.
This means the only possible resource group where a VNet can be created are: Whizlabrg5 and Whizlabrg6Resource Type: Defines the resource types that you can deploy. Its effect is to deny all resources that aren’t part of this defined list.
Ref: Allowed Resource Type: Defines the resource types that you can deploy. Its effect is to deny all resources that aren’t part of this defined list.
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Comments are closed, but trackbacks and pingbacks are open.