Azure Cloud Solutions
Question
You have a resource group named RG1.
You need to prevent the creation of virtual machines in RG1. The solution must ensure that other objects can be created in RG1.
What should you use?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.D
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
In this question, we would create an Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group.
You could place a read-only lock on the resource group. However, that would prevent the creation of any resources in the resource group, not virtual machines only. Therefore, an Azure Policy is a better solution.
https://docs.microsoft.com/en-us/azure/governance/policy/overviewThe correct answer to the question is D. an Azure policy.
Explanation:
Azure Policy is a service in Azure that allows you to create, assign, and manage policies that enforce rules over resources. It provides a way to enforce compliance with organizational standards and best practices. Azure Policy works by evaluating resources for compliance against policy definitions. Policy definitions are rules that are created in JSON format and describe the desired state for a specific resource or set of resources.
In this scenario, we want to prevent the creation of virtual machines in a specific resource group named RG1. To achieve this, we can create an Azure policy definition that denies the creation of virtual machines in RG1. Then we can assign this policy to the RG1 resource group. When the policy is applied, any attempt to create a virtual machine in RG1 will be denied.
The other options are incorrect:
A. A lock can be used to prevent deletion or modification of resources, but it cannot prevent the creation of virtual machines in a specific resource group.
B. An Azure role is used to grant permissions to users or groups to perform specific actions on resources. It cannot prevent the creation of virtual machines in a specific resource group.
C. A tag is used to organize resources and apply metadata to them. It cannot prevent the creation of virtual machines in a specific resource group.
