Exam AZ-900 All QuestionsBrowse all questions from this exam
Go to Exam
Question 276

HOTSPOT -

You create a resource group named RG1 in Azure Resource Manager.

You need to prevent the accidental deletion of the resources in RG1.

Which setting should you use? To answer, select the appropriate setting in the answer area.

Hot Area:

    Correct Answer:

    You can configure a lock on a resource group to prevent the accidental deletion.

    As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.

    ✑ CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.

    ✑ ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

    Reference:

    https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Discussion
Abdelbaki

Correct

zellck

"Locks" is the answer. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions. You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly. - CanNotDelete means authorized users can read and modify a resource, but they can't delete it.

zellck

https://learn.microsoft.com/en-us/training/modules/describe-features-tools-azure-for-governance-compliance/4-describe-purpose-of-resource-locks A resource lock prevents resources from being accidentally deleted or changed. Even with Azure role-based access control (Azure RBAC) policies in place, there's still a risk that people with the right level of access could delete critical cloud resources. Resource locks prevent resources from being deleted or updated, depending on the type of lock. Resource locks can be applied to individual resources, resource groups, or even an entire subscription. Resource locks are inherited, meaning that if you place a resource lock on a resource group, all of the resources within the resource group will also have the resource lock applied.

TonyghostR05

Lock to prevent the deletion

Mikalai271

This question was in my exam on July 3, 2024

liya1

got this on 22nd

Tehkl

its in the exam - 17-April-2024

CodePro

Correct

tacobear

it was on exam on 03/12/2022.

iedodo

Azure resources locks are designed to prevent accidental deletion and/or modification. Locks are used in conjunction with RBAc