AZ-104 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-104 Exam - Question 148

HOTSPOT -

You have an Azure subscription that contains the resources shown in the following table.

The status of VM1 is Running.

You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)

You assign the policy by using the following parameters:

Microsoft.ClassicNetwork/virtualNetworks

Microsoft.Network/virtualNetworks

Microsoft.Compute/virtualMachines

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Show Answer
Correct Answer:

Discussion

17 comments
Sign in to comment
bogdan89
Dec 1, 2020

Y-N-N tested today in a LAB.

Diego19
Dec 12, 2020

Y-N-N is right. I have also tested it in LAB.

prashantjoge
Dec 13, 2020

How can the first be yes... Does not make sense

Jovial
Jan 12, 2021

at least try in azure before speaking nonsense

JayBee65
Jun 6, 2021

Maybe explain if you understand why, as it does sound illogical,

Acai
Jul 23, 2021

You didn't test it right....I mean no offense, my guess is you choose the wrong parameters. You can not move a virtual network into the another vnet if you apply the policy with the correct parameters. {"code":"ResourceMovePolicyValidationFailed","message":"Resource move policy validation failed. Please see details. Diagnostic information: subscription id '1134d0949e-63f2-7b877-8f40b-e445bc202bd6e', request correlation id '8008780447c-6995-4f21-8715-78164c23454b'.","details": Change some numbers around because of you cheeky ba...

GDMalled
Sep 27, 2021

Hi, could you please tell me how to select parameters to assign a policy at subscription/RG scope?? Thank you

comin
Jun 28, 2021

The answer is wrong. Just did the test following the same structure as in the question and the answer they give is correct. Answer: N Y N Why wouldn't the VM state change to deallocated? You just can't make changes in the Settings section.

Mozbius_
Jan 28, 2022

Policies don't make changes. They only mark already existing resources as non-compliant unless you setup a remediation which is not done by default. Policies affect new resources. I wasn't sure about changes done to already existing resources but it makes sense that policies also apply changes done after applying a policy. That's a topic found even in AZ-900.

Mozbius_
Jan 28, 2022

**that policies also apply to changes done after applying a policy

MrJJ10
Dec 27, 2022

VM1 never changed...its in RG2....nothing says its connected to VNET1 (VNET1 is RG1)....the policy is set for RG2

poosau
Dec 20, 2021

I can see that the options in the question are reversed now. (order is reversed)

S3ktar
Dec 23, 2021

The answers have been reversed but this is 100% correct. No - You cannot move a resource into a RG if the resource is restricted in the destination RG No - The VM will not become deallocated, it will instead be marked as non-compliant Yes - You can change the VNet address space, even with the virtualnetwork restriction, instead you will be prevented from making ANOTHER VNet and the existing VNet will be marked as Non-Compliant. Source: Tested it in my Azure Lab

_punky_
Jan 7, 2022

This is correct! The Policy is only restricted for creating new resources in RG2.

awssecuritynewbie
Feb 8, 2022

When a policy definition using the append effect is run as part of an evaluation cycle, it doesn't make changes to resources that already exist. Instead, it marks any resource that meets the if condition as non-compliant.

idlir
Nov 30, 2020

N-N-N Policy will identify the VM as not compliant but will not put VM in deallocate

Anon6969
Dec 5, 2020

This makes the most sense. Only one I am not sure on is how the policy would modify the change to the address space?

prashantjoge
Dec 13, 2020

I agree. Existing non-compliant resources can be remediated with a remediation task. But no action is taken against them other than to mark them as non-compliant

Baconrind
Mar 24, 2022

Agree with N-N-N, trying to move VNET1 to RG2 gives 'disallowed by policy' error after validation checking. Modifying address space fails with 'Failed to save address space changes to virtual network 'VNET2'. Error: Resource 'VNET2' was disallowed by policy. '

ostych
Apr 10, 2022

Agreed, tested in a lab.

Viggy1212
Oct 8, 2023

Date : Oct 8, 2023 Tested in LAB 1) Admin can move VNET1 to RG2 : No Validation Failed : Resource 'vnet1' was disallowed by policy. (Code: RequestDisallowedByPolicy) 2) VM state changed to deallocated : No VM is in Running state 3) Admin can modify address space of VNET2 : No Failed to save address space changes to virtual network 'vnet2'. Error: Resource 'vnet2' was disallowed by policy.

SkyZeroZx
Jan 6, 2024

1) Admin can move VNET1 to RG2 : No Validation Failed : Resource 'vnet1' was disallowed by policy. (Code: RequestDisallowedByPolicy) 2) VM state changed to deallocated : No VM is in Running state 3) Admin can modify address space of VNET2 : No Failed to save address space changes to virtual network 'vnet2'. Error: Resource 'vnet2' was disallowed by policy.

adilkhan
Jan 26, 2024

N N N final answer :)

[Removed]
Dec 21, 2023

Tested in LAB, the correct answer is N-N-N, don't waste too much time on this.

jaskotla
Nov 17, 2023

N-Y-N Tested Today.

tashakori
Mar 20, 2024

No No No

nandakku
Sep 30, 2023

Answer is N-N-N

Ahkhan
Nov 10, 2023

Policy doesn't apply to existing resources unless you run a remediation task and there is no mention of it. So third one is Y

mihir25
Nov 16, 2023

No No Yes -- you can add and modify the address range as done in lab ( you can change existing address range cidr / also add new address range ) verified

sismer
Dec 10, 2023

For sure N-N-N

Amir1909
Mar 21, 2024

Yes No Yes

varinder82
May 22, 2024

Final Answer : NNY

23169fd
May 30, 2024

Correct Answer: N N N

Jedi_sg2000
Jul 12, 2024

NYN is the answer

Y2
Jul 21, 2024

N-N-N Tested in lab, A - Cannot add a V-Net to the RG B- the VM's status will not be changed to deallocated C- Cannot modify Address space of V-Net in the RG