You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.
You create and assign the Azure policy shown in the following exhibit.
What is the flow log status of NSG1 and NSG2 after the Azure policy is assigned?
In this scenario, the Azure policy is set to 'Audit' mode, which means it will only evaluate and log non-compliant resources without enforcing any changes. Additionally, the policy scope excludes NSG1, meaning NSG1 will not be evaluated or affected by this policy at all. As a result, the flow logs status for both NSG1 and NSG2 will remain unchanged and continue to be off. Therefore, the flow logs will be disabled for both NSG1 and NSG2.
So this policy is for NSG2 since NSG1 is excluded from the policy. Since the effect is Audit, answer is D.
The Audit effect is used to create a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request. That said, its still D cus there's no remediation task.
If you think about it, the correct answer is answer is D as the question is asking about status of both NSG1 and NSG2...
It should be D since it is in Audit.
D. Flow logs will be disabled for NSG1 and NSG2.
Answer D since the policy is in audit mode
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-audit The audit effect is used to create a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-basics Answer = D
Policy is in Audit mode. nothing is changing
D is correct, cause of Audit mode
Audit is used to create a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request.
Which is already is in this case :-)