AZ-900 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-900 Exam - Question 276

HOTSPOT -

You create a resource group named RG1 in Azure Resource Manager.

You need to prevent the accidental deletion of the resources in RG1.

Which setting should you use? To answer, select the appropriate setting in the answer area.

Hot Area:

Show Answer
Correct Answer:

You can configure a lock on a resource group to prevent the accidental deletion.

As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.

✑ CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.

✑ ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Discussion

9 comments
Sign in to comment
Abdelbaki
Feb 2, 2022

Correct

TonyghostR05
Oct 7, 2022

Lock to prevent the deletion

zellck
Jan 9, 2023

"Locks" is the answer. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions. You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly. - CanNotDelete means authorized users can read and modify a resource, but they can't delete it.

zellck
Jan 9, 2023

https://learn.microsoft.com/en-us/training/modules/describe-features-tools-azure-for-governance-compliance/4-describe-purpose-of-resource-locks A resource lock prevents resources from being accidentally deleted or changed. Even with Azure role-based access control (Azure RBAC) policies in place, there's still a risk that people with the right level of access could delete critical cloud resources. Resource locks prevent resources from being deleted or updated, depending on the type of lock. Resource locks can be applied to individual resources, resource groups, or even an entire subscription. Resource locks are inherited, meaning that if you place a resource lock on a resource group, all of the resources within the resource group will also have the resource lock applied.

iedodo
Mar 8, 2022

Azure resources locks are designed to prevent accidental deletion and/or modification. Locks are used in conjunction with RBAc

tacobear
Mar 12, 2022

it was on exam on 03/12/2022.

CodePro
Apr 9, 2022

Correct

Tehkl
Apr 17, 2024

its in the exam - 17-April-2024

liya1
Apr 23, 2024

got this on 22nd

Mikalai271
Jul 11, 2024

This question was in my exam on July 3, 2024