Home » Microsoft » AZ-900 v.2 » This question-requires that you evaluate the underlined text to determine if it is correct.
This question-requires that you evaluate the underlined text to determine if it is correct.
Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct.
A. No change is needed
B. Management groups
C. Azure policies
D. Azure App Service plans
Correct Answer: C
Explanation/Reference:
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest.
For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.
References: https://docs.microsoft.com/en-us/azure/governance/policy/overview
How To Pass AZ-900 Exam?
Microsoft AZ-900 PDF dumps.
High quality AZ-900 pdf and software. VALID exam to help you pass.
|
 |
Management Groups
To me the correct answer is B. Management groups
My logic is
Management Groups are used across subscriptions (“If your organization has many Azure subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Management groups provide a governance scope above subscriptions”)
Azure Policy is used within one subscription
If your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have. All subscriptions within a single management group must trust the same Azure Active Directory tenant.
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Azure policies can be deployed via Management Groups, but I still think Azure Policy is correct.
Correct answer is:
B.Management groups
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all management groups, subscriptions, and resources under that management group by only allowing VMs to be created in that region.
But you can have a lot of subscriptions as you need , but not necessary a Management Group. And a Azure Policy is the way to manage the rules across those subscriptions.
From Microsofts own site:
Management groups are containers that help you manage access, policy, and compliance across multiple subscriptions. Create these containers to build an effective and efficient hierarchy that can be used with Azure Policy and Azure Role Based Access Controls.
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
B. Management groups