You have a resource group named RG1.
You plan to create virtual networks and app services in RG1.
You need to prevent the creation of virtual machines only in RG1.
What should you use?
A. a lock
B. an Azure role
C. a tag
D. an Azure policy
D is correct
Suggested Answer: D
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
In this question, we would create an Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group.
You could place a read-only lock on the resource group. However, that would prevent the creation of any resources in the resource group, not virtual machines only. Therefore, an Azure Policy is a better solution.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
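The deny policy described above could look like the following custom policy definition. This is an added example, not part of the original answer or Microsoft's documentation; the display name and description are constructed for illustration, and the definition is assumed to be assigned at the scope of RG1.

```json
{
  "properties": {
    "displayName": "Example: deny virtual machine creation",
    "description": "Illustrative custom definition added as an example. Assign it at the scope of resource group RG1 so that it applies only there.",
    "policyType": "Custom",
    "mode": "All",
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Compute/virtualMachines"
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

Because the rule matches only the `Microsoft.Compute/virtualMachines` resource type, deployments of virtual networks and app services in RG1 are not blocked, and because the assignment scope is RG1, virtual machines can still be created in other resource groups.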
I think D is the right answer, as it said only for VMs; if there is a lock, you can't create the app services and the virtual network.
The answer is a lock.
You should test something like this yourself. Create a Resource Group called RG1 in Azure, put a read-only lock on the resource group. Then test creating a VM.
You will find that when creating a VM and selecting the resource group with the lock, you will get the error “The selected resource group is read-only.”
A lock would prevent users from creating VMs and any other resource. The question implies that you need to prevent creation of VMs only, thus Policies being the right answer.
Agree that the answer should be policy. It needs to restrict certain actions while not allowing others; policy would work while a lock would not.
Policy would be the right answer
Shouldn’t this be “D. an Azure policy”? From my understanding a lock would prevent all resources from being created just not a VM.
Yes, I agree. A lock would turn it read-only for all resources, but in this case, we need to avoid only the creation of VMs. In my opinion, a Policy sounds better.