You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows
Server 2016.
Storageaccount1 contains the disk files for VM1.
You apply a ReadOnly lock to RG1.
What can you do from the Azure portal?
A ReadOnly lock on a resource group prevents modifications to any resources within that group. This includes starting virtual machines, uploading blobs to storage accounts, and viewing keys, as these actions all involve updating or reading sensitive information. However, generating an automation script for the resource group does not modify any resources or their configurations. It simply allows you to export information about the existing resources, which aligns with the permissions granted in a ReadOnly state.
Answer is D, I have tried this on my subscription
not sure if viewing the keys and listing the keys are considered equivalent.. microsoft doc says this "A ReadOnly lock on a storage account prevents all users from listing the keys." ( URL : https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources)
It's D, I did a lab for this question.
Even I have tested it. Answer is D. Once the Read-only lock is applied, Go to Resource Group -> Settings -> Export Template. Then it will generate the template to automate the deployment process.
D is ok
D is ok
Even I have tested it. Answer is D. Once the Read-only lock is applied, Go to Resource Group -> Settings -> Export Template. Then it will generate the template to automate the deployment process.
D is ok
D is ok
I just checked It's D - "Access blocked The resource is locked Cannot access the data plane because of a read lock on the resource or its parent."
A/B/C are excluded from docs, https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources#how-locks-are-applied
I tested is well. Its D
When you enable "Read only" lock on a RG , you can not see Access keys of all storage account under that RG. Tried it in lab. So ans is "D".
Correct answer is D
Can confirm! Just tested it and I was only able to generate the automation script.
thanks gboyega
For answer C - I tested it it is clearly saying "Access Key" - Cannot access the data plane because of a read lock on the resource or its parent. WIll go with D as other have tested already.
When you set a lock on Resource Group with Read Only. Except D all options are not possible (Where you have an option to download/deploy from "Export Template" blade in the Resource Group).
Upload a blob to storageaccount1 is possible if we have readonly lock on RG1 since we are trying to modify the data not resource properties. When a R/O lock is put on a resource, you lock it's properties not the resource. So while a read only lock is present on a storage account(inherited from a resource group), a file can still be uploaded to the already existing container of a storage account.
Answer is B: Upload a blob to storageaccount1
No, you can't. Try in lab.
Here is a para from MS docs - A ReadOnly lock on a resource group that contains a virtual machine prevents all users from starting or restarting the virtual machine. These operations require a POST request
Here is a para from MS docs - A ReadOnly lock on a resource group that contains a virtual machine prevents all users from starting or restarting the virtual machine. These operations require a POST request
D is correct. Tested on lab.
test all the options in the lab : D is correct
D is correct
Answer is D - https://github.com/Azure/azure-cli/issues/8452
Correct answer is D https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resource
ANS - D. generate an automation script for RG1
The answer should be D: (According to the documentation https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?WT.mc_id=ITOpsTalk-blog-nepeters ) When you apply a lock at a parent scope (resource group), all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent.
the correct answer is D
C is correct. I could view the access keys. I couldn't start the VM
after clearing cache and restarting browser, i couldnt see access key. D worked
Correct Answer is D. Tested option C and is not working. it says "Cannot access the data plane because of a read lock on the resource or its parent."
Checked on Azure, when Lock is applied there is and error when viewing the storage account Access Keys: "Access blocked The resource is locked Cannot access the data plane because of a read lock on the resource or its parent." D is correct
it should be D
yes answer should be D