Examice

Exam AZ-500 All QuestionsBrowse all questions from this exam

Question 21

Your company has an Azure subscription that includes two virtual machines, named VirMac1 and VirMac2, which both have a status of Stopped (Deallocated).

The virtual machines belong to different resource groups, named ResGroup1 and ResGroup2.

You have also created two Azure policies that are both configured with the virtualMachines resource type. The policy configured for ResGroup1 has a policy definition of Not allowed resource types, while the policy configured for ResGroup2 has a policy definition of Allowed resource types.

You then create a Read-only resource lock on VirMac1, as well as a Read-only resource lock on ResGroup2.

Which of the following is TRUE with regards to the scenario? (Choose all that apply.)

You will be able to start VirMac1.

You will NOT be able to start VirMac1.

You will be able to create a virtual machine in ResGroup2.

You will NOT be able to create a virtual machine in ResGroup2.

Correct Answer: B, D

A read-only lock prevents users from making any modifications to the resource, including starting or stopping a virtual machine. Therefore, you will not be able to start VirMac1. Additionally, a read-only lock on a resource group prevents any new resources from being created within that group, so you will not be able to create a virtual machine in ResGroup2.

Discussion

SajjadKarimOptions: BD

Correct answer is B and D, When you will create a virtual machine in ResGroup2 it will give you error "The selected resource group is read only"

dumdada

correct

[Removed]

correct

justjeroen

But you dont crate virmac2, you only start virmac2. This should not be considered a change in the resource group.

zellck

https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json#considerations-before-applying-your-locks A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting a virtual machine. These operations require a POST method request.

Yiannisthe7thOptions: BD

B and D for sure. When you create a new VM and select a read-only resource group you get a "The selected resource group is read only"

DarkCyberGhost

but the Rrsource group is not set to read-only. Virmac1 and 2 is set to read-only, the resource group 2 in which virmac2 sits has a policy of resource is allowed. so machines can be created in the group. so to me the Answer is B and C

Joshing

Virmac1 is read-only and so is ResGroup2. You cannot start Virmac1 and cannot create a VM in ResGroup2.

FerasoOptions: BD

I just tested in the lab and BD are the correct answers. B: You can't start the VM that has read only lock, you will be getting this error: Failed to start virtual machine 'WinServer1'. Error: The scope 'WinServer1' cannot perform write operation because following scope(s) are locked: '/subscriptions/be739432-1223-4cbf-bc85-1287e4269fe6/resourceGroups/TestLAB/providers/Microsoft.Compute/virtualMachines/WinServer1'. Please remove the lock and try again. D: Setting the resource group to read only will prevent you from creating virtual machines. You will get an error that the resource group is read only.

Mazhar1993Options: AC

You will be able to start VirMac1. TRUE: Read-only locks don't affect starting a virtual machine; they only prevent modifications or deletions. You will NOT be able to start VirMac1. NOT TRUE: Read-only locks don't restrict starting a virtual machine; they only prevent modifications or deletions. You will be able to create a virtual machine in ResGroup2. TRUE: The policy for ResGroup2 allows virtual machine creation, and read-only locks only prevent modifications, not creations. You will NOT be able to create a virtual machine in ResGroup2. NOT TRUE: The policy for ResGroup2 permits virtual machine creation, and read-only locks only prevent modifications, not creations. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json#considerations-before-applying-your-locks

Wezen

A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting a virtual machine. These operations require a POST method request

xRiot007Options: BD

B - You cannot start Mac1 because starting a VM involves a POST request, which will not be done while the resource is Read-only D - for the same reason.

Data_WorksOptions: BD

Read-only lock on a resource prevents all write operations, including changing the state of the VM (such as starting or stopping it)

Jimmy500Options: BD

For virtual machine Virmac1 we have read only lock which will not allow to start stop delete it so the answer for the VirMac1 will be B . For the resource group - ResGroup2 we also have same Read only which basically will not allow to do anyything else besides current config then answer for this will be D. Correct answer will be here BD but keep in mind that question says Read Only lock there can be also CanNotDelete lock as well in the other question then we can start machine for example but can not delete machine. Please refer this link for more information but here answer is BD. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

RuffyitOptions: BD

Correct answer is B and D, When you will create a virtual machine in ResGroup2 it will give you error "The selected resource group is read only"

b9e98e8Options: CD

Azure Policy focuses on pre-deployment compliance, while Resource Locks safeguard resources post-deployment against accidental changes. Given a scenario where VM is allowed policy and resource lock both are working on RG level then according to pre deployment compliance you are able to create a VM in that RG but according to post deployment protection through resource lock you wont be able to make any write activity( restarting or changing disk etc ) on existing VM in that RG.

zied01

i can't understand what is the relation here between the azure policy and azure locks ?!!! cause the question indicate two different things !

MeisAdrianoOptions: BD

B: A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting a virtual machine. These operations require a POST method request D: A read-only lock on a resource group prevents users from moving any new resource into that resource group. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json#considerations-before-applying-your-locks

ittchmhOptions: BD

Mistyped, I can't remove or change my comments I will go with BD

ittchmhOptions: BC

I will go with BC

hfk2020Options: BD

B and D Got this message in the notification area Failed to start virtual machine 'testhk2'. Error: The scope 'testhk2' cannot perform write operation because following scope(s) are locked:

AbdallaAMOptions: BD

A read-only lock on a resource group that contains a virtual machine prevents all users from starting or restarting a virtual machine. These operations require a POST method request. A read-only lock on a resource group prevents users from moving any new resource into that resource group. https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

heatfan900Options: BD

https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking THIS IS WRONG. THIS IS NOT A BLUEPRINT QUESTION.. You cannot create a new virtual machine in a read-only locked Resource Group.

ESAJRROptions: BD

B. You will NOT be able to start VirMac1. Most Voted D. You will NOT be able to create a virtual machine in ResGroup2.