Exam AZ-104 All QuestionsBrowse all questions from this exam
Go to Exam
Question 148

HOTSPOT -

You have an Azure subscription that contains the resources shown in the following table.

The status of VM1 is Running.

You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)

You assign the policy by using the following parameters:

Microsoft.ClassicNetwork/virtualNetworks

Microsoft.Network/virtualNetworks

Microsoft.Compute/virtualMachines

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

    Correct Answer:

Discussion
bogdan89

Y-N-N tested today in a LAB.

Diego19

Y-N-N is right. I have also tested it in LAB.

prashantjoge

How can the first be yes... Does not make sense

Jovial

at least try in azure before speaking nonsense

JayBee65

Maybe explain if you understand why, as it does sound illogical,

Acai

You didn't test it right....I mean no offense, my guess is you choose the wrong parameters. You can not move a virtual network into the another vnet if you apply the policy with the correct parameters. {"code":"ResourceMovePolicyValidationFailed","message":"Resource move policy validation failed. Please see details. Diagnostic information: subscription id '1134d0949e-63f2-7b877-8f40b-e445bc202bd6e', request correlation id '8008780447c-6995-4f21-8715-78164c23454b'.","details": Change some numbers around because of you cheeky ba...

GDMalled

Hi, could you please tell me how to select parameters to assign a policy at subscription/RG scope?? Thank you

comin

The answer is wrong. Just did the test following the same structure as in the question and the answer they give is correct. Answer: N Y N Why wouldn't the VM state change to deallocated? You just can't make changes in the Settings section.

Mozbius_

Policies don't make changes. They only mark already existing resources as non-compliant unless you setup a remediation which is not done by default. Policies affect new resources. I wasn't sure about changes done to already existing resources but it makes sense that policies also apply changes done after applying a policy. That's a topic found even in AZ-900.

Mozbius_

**that policies also apply to changes done after applying a policy

MrJJ10

VM1 never changed...its in RG2....nothing says its connected to VNET1 (VNET1 is RG1)....the policy is set for RG2

poosau

I can see that the options in the question are reversed now. (order is reversed)

S3ktar

The answers have been reversed but this is 100% correct. No - You cannot move a resource into a RG if the resource is restricted in the destination RG No - The VM will not become deallocated, it will instead be marked as non-compliant Yes - You can change the VNet address space, even with the virtualnetwork restriction, instead you will be prevented from making ANOTHER VNet and the existing VNet will be marked as Non-Compliant. Source: Tested it in my Azure Lab

_punky_

This is correct! The Policy is only restricted for creating new resources in RG2.

awssecuritynewbie

When a policy definition using the append effect is run as part of an evaluation cycle, it doesn't make changes to resources that already exist. Instead, it marks any resource that meets the if condition as non-compliant.

idlir

N-N-N Policy will identify the VM as not compliant but will not put VM in deallocate

Anon6969

This makes the most sense. Only one I am not sure on is how the policy would modify the change to the address space?

prashantjoge

I agree. Existing non-compliant resources can be remediated with a remediation task. But no action is taken against them other than to mark them as non-compliant

Baconrind

Agree with N-N-N, trying to move VNET1 to RG2 gives 'disallowed by policy' error after validation checking. Modifying address space fails with 'Failed to save address space changes to virtual network 'VNET2'. Error: Resource 'VNET2' was disallowed by policy. '

ostych

Agreed, tested in a lab.

Viggy1212

Date : Oct 8, 2023 Tested in LAB 1) Admin can move VNET1 to RG2 : No Validation Failed : Resource 'vnet1' was disallowed by policy. (Code: RequestDisallowedByPolicy) 2) VM state changed to deallocated : No VM is in Running state 3) Admin can modify address space of VNET2 : No Failed to save address space changes to virtual network 'vnet2'. Error: Resource 'vnet2' was disallowed by policy.

SkyZeroZx

1) Admin can move VNET1 to RG2 : No Validation Failed : Resource 'vnet1' was disallowed by policy. (Code: RequestDisallowedByPolicy) 2) VM state changed to deallocated : No VM is in Running state 3) Admin can modify address space of VNET2 : No Failed to save address space changes to virtual network 'vnet2'. Error: Resource 'vnet2' was disallowed by policy.

adilkhan

N N N final answer :)

[Removed]

Tested in LAB, the correct answer is N-N-N, don't waste too much time on this.

jaskotla

N-Y-N Tested Today.

tashakori

No No No

Y2

N-N-N Tested in lab, A - Cannot add a V-Net to the RG B- the VM's status will not be changed to deallocated C- Cannot modify Address space of V-Net in the RG

Jedi_sg2000

NYN is the answer

23169fd

Correct Answer: N N N

varinder82

Final Answer : NNY

Amir1909

Yes No Yes

sismer

For sure N-N-N

mihir25

No No Yes -- you can add and modify the address range as done in lab ( you can change existing address range cidr / also add new address range ) verified

Ahkhan

Policy doesn't apply to existing resources unless you run a remediation task and there is no mention of it. So third one is Y

nandakku

Answer is N-N-N