AZ-500 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-500 Exam - Question 21

Your company has an Azure subscription that includes two virtual machines, named VirMac1 and VirMac2, which both have a status of Stopped (Deallocated).

The virtual machines belong to different resource groups, named ResGroup1 and ResGroup2.

You have also created two Azure policies that are both configured with the virtualMachines resource type. The policy configured for ResGroup1 has a policy definition of Not allowed resource types, while the policy configured for ResGroup2 has a policy definition of Allowed resource types.

You then create a Read-only resource lock on VirMac1, as well as a Read-only resource lock on ResGroup2.

Which of the following is TRUE with regards to the scenario? (Choose all that apply.)

Show Answer
Correct Answer: BCD

A read-only lock prevents users from making any modifications to the resource, including starting or stopping a virtual machine. Therefore, you will not be able to start VirMac1. Additionally, a read-only lock on a resource group prevents any new resources from being created within that group, so you will not be able to create a virtual machine in ResGroup2.

Discussion

17 comments
Sign in to comment
SajjadKarimOptions: BD
Jul 8, 2021

Correct answer is B and D, When you will create a virtual machine in ResGroup2 it will give you error "The selected resource group is read only"

dumdada
Aug 6, 2021

correct

[Removed]
Dec 2, 2021

correct

justjeroen
May 6, 2023

But you dont crate virmac2, you only start virmac2. This should not be considered a change in the resource group.

zellck
May 7, 2023

https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json#considerations-before-applying-your-locks A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting a virtual machine. These operations require a POST method request.

Yiannisthe7thOptions: BD
Jul 18, 2021

B and D for sure. When you create a new VM and select a read-only resource group you get a "The selected resource group is read only"

DarkCyberGhost
Jan 18, 2022

but the Rrsource group is not set to read-only. Virmac1 and 2 is set to read-only, the resource group 2 in which virmac2 sits has a policy of resource is allowed. so machines can be created in the group. so to me the Answer is B and C

Joshing
Feb 22, 2022

Virmac1 is read-only and so is ResGroup2. You cannot start Virmac1 and cannot create a VM in ResGroup2.

FerasoOptions: BD
Oct 27, 2023

I just tested in the lab and BD are the correct answers. B: You can't start the VM that has read only lock, you will be getting this error: Failed to start virtual machine 'WinServer1'. Error: The scope 'WinServer1' cannot perform write operation because following scope(s) are locked: '/subscriptions/be739432-1223-4cbf-bc85-1287e4269fe6/resourceGroups/TestLAB/providers/Microsoft.Compute/virtualMachines/WinServer1'. Please remove the lock and try again. D: Setting the resource group to read only will prevent you from creating virtual machines. You will get an error that the resource group is read only.

Mazhar1993Options: AC
Apr 21, 2024

You will be able to start VirMac1. TRUE: Read-only locks don't affect starting a virtual machine; they only prevent modifications or deletions. You will NOT be able to start VirMac1. NOT TRUE: Read-only locks don't restrict starting a virtual machine; they only prevent modifications or deletions. You will be able to create a virtual machine in ResGroup2. TRUE: The policy for ResGroup2 allows virtual machine creation, and read-only locks only prevent modifications, not creations. You will NOT be able to create a virtual machine in ResGroup2. NOT TRUE: The policy for ResGroup2 permits virtual machine creation, and read-only locks only prevent modifications, not creations. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json#considerations-before-applying-your-locks

Wezen
Jun 9, 2024

A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting a virtual machine. These operations require a POST method request

ESAJRROptions: BD
Aug 14, 2023

B. You will NOT be able to start VirMac1. Most Voted D. You will NOT be able to create a virtual machine in ResGroup2.

heatfan900Options: BD
Aug 22, 2023

https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking THIS IS WRONG. THIS IS NOT A BLUEPRINT QUESTION.. You cannot create a new virtual machine in a read-only locked Resource Group.

AbdallaAMOptions: BD
Sep 3, 2023

A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting a virtual machine. These operations require a POST method request. A read-only lock on a resource group prevents users from moving any new resource into that resource group. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

hfk2020Options: BD
Sep 6, 2023

B and D Got this message in the notification area Failed to start virtual machine 'testhk2'. Error: The scope 'testhk2' cannot perform write operation because following scope(s) are locked:

ittchmhOptions: BC
Sep 10, 2023

I will go with BC

ittchmhOptions: BD
Sep 10, 2023

Mistyped, I can't remove or change my comments I will go with BD

MeisAdrianoOptions: BD
Oct 14, 2023

B: A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting a virtual machine. These operations require a POST method request D: A read-only lock on a resource group prevents users from moving any new resource into that resource group. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json#considerations-before-applying-your-locks

zied01
Nov 7, 2023

i can't understand what is the relation here between the azure policy and azure locks ?!!! cause the question indicate two different things !

b9e98e8Options: CD
Feb 4, 2024

Azure Policy focuses on pre-deployment compliance, while Resource Locks safeguard resources post-deployment against accidental changes. Given a scenario where VM is allowed policy and resource lock both are working on RG level then according to pre deployment compliance you are able to create a VM in that RG but according to post deployment protection through resource lock you wont be able to make any write activity( restarting or changing disk etc ) on existing VM in that RG.

RuffyitOptions: BD
Mar 26, 2024

Correct answer is B and D, When you will create a virtual machine in ResGroup2 it will give you error "The selected resource group is read only"

Jimmy500Options: BD
Jun 18, 2024

For virtual machine Virmac1 we have read only lock which will not allow to start stop delete it so the answer for the VirMac1 will be B . For the resource group - ResGroup2 we also have same Read only which basically will not allow to do anyything else besides current config then answer for this will be D. Correct answer will be here BD but keep in mind that question says Read Only lock there can be also CanNotDelete lock as well in the other question then we can start machine for example but can not delete machine. Please refer this link for more information but here answer is BD. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

Data_WorksOptions: BD
Jun 18, 2024

Read-only lock on a resource prevents all write operations, including changing the state of the VM (such as starting or stopping it)

xRiot007Options: BD
Jul 15, 2024

B - You cannot start Mac1 because starting a VM involves a POST request, which will not be done while the resource is Read-only D - for the same reason.