Microsoft Azure Administrator Associate AZ-104 Practice Question
Your company mandates that all newly created virtual machines (VMs) must have a 'Department' tag assigned during deployment. If a VM is created without this tag, the creation should be blocked. What should you do to meet this requirement?
Use Azure RBAC to restrict the creation of VMs without the 'Department' tag
Assign an Azure Policy with an 'Audit' effect that checks for the 'Department' tag on VMs
Assign an Azure Policy with a 'Deny' effect that requires the 'Department' tag on VMs
Apply a resource lock to prevent creation of VMs without the 'Department' tag
To enforce that all new VMs have a 'Department' tag, you should assign an Azure Policy with a 'Deny' effect that requires this tag on VMs. Azure Policy allows you to define rules that resources must comply with, and the 'Deny' effect prevents non-compliant resources from being created. Using a resource lock is not appropriate here because locks prevent modification or deletion of resources, not control their creation properties. Azure Role-Based Access Control (RBAC) manages permissions for users and groups but doesn't enforce tagging or specific properties on resources. An Azure Policy with an 'Audit' effect would only log non-compliant resources but wouldn't prevent their creation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure Policy and how does it work?
Open an interactive chat with Bash
What are the different effects that can be applied in Azure Policy?
Open an interactive chat with Bash
What is the difference between Azure Policy and Azure RBAC?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Manage Azure identities and governance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access