Exam AZ-500
Question 287

HOTSPOT -

You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1.

You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit.

You assign Blueprint1 to Subscription1 by using the following settings:

- Lock assignment: Read Only
- Managed Identity: System assigned

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Reference:

https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

Discussion
Daniel9527

No/No/No
1. Blueprint doesn't work on existing resources.
2. RG2 is read-only and "The resource group is read only and tags on the resource group can't be modified."
3. The newly created RG2 is read-only and nothing can be changed before you change/delete the blueprint assignment.

Tonion

I read it once again and agree with Daniel. RG2 doesn't exist, thus Blueprint will create it with a read-only lock. It means that the tag contributor role is for nothing :)

dimaste

No-Yes-No. Blueprint locks don't work on the existing resources: "Resource locks deployed by Azure Blueprints are only applied to non-extension resources deployed by the blueprint assignment. Existing resources, such as those in resource groups that already exist, don't have locks added to them."

alialiba

Why is the 2nd answer Yes? The statement below seems to suggest the user cannot modify the tag. "The resource group is read only and tags on the resource group can't be modified." https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

ceejay12

This has changed. In the same link, it now states that "The resource group is read only and all its properties, except for tags, can't be modified. Not Locked resources can be added, moved, changed, or deleted from this resource group."

zellck

NNN is the answer.
https://learn.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
Resource locks deployed by Azure Blueprints are only applied to non-extension resources deployed by the blueprint assignment. Existing resources, such as those in resource groups that already exist, don't have locks added to them.
https://learn.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking#locking-modes-and-states

majstor86

NO YES NO

Muaamar_Alsayyad

Given answer is correct: No/Yes/No. Just tested in lab.

Muaamar_Alsayyad

I meant the given answer is wrong.

Siwel72

Blueprints are not in the exam objectives as of 29th Sept 2021, just checked, so they should not appear in the exam then, correct? If so, moderator, please remove.

cfsxtuv33

You are correct. I looked over the exam objectives myself and Blueprints has a big red line going through it, which indicates that it has been removed from the exam.

koreshio

Thanks for pointing this out. Going by the 'AZ-500 study guide' mentioned below, I don't see Blueprints mentioned anywhere on it either, although the MS coursework does go into it. https://learn.microsoft.com/en-us/certifications/exams/az-500

GQ

- A locking mode of Read only will be assigned to RG1 -> No, Blueprint1 has no configuration related to RG1.
- User1 can add tags to RG2 -> Yes, since resource locks deployed by Azure Blueprints do not apply to existing resources such as resource groups.
- You can remove User1 from the tag contributor role of RG2 -> No, a user who can create a blueprint might not have the permission to amend another user's role.

hfk2020

| Mode | Artifact Resource Type | State | Description |
| --- | --- | --- | --- |
| Don't Lock | * | Not Locked | Resources aren't protected by Azure Blueprints. This state is also used for resources added to a Read Only or Do Not Delete resource group artifact from outside a blueprint assignment. |
| Read Only | Resource group | Cannot Edit / Delete | The resource group is read only and all its properties, except for tags, can't be modified. Not Locked resources can be added, moved, changed, or deleted from this resource group. |
| Read Only | Non-resource group | Read Only | Except for tags, the resource remains unalterable and cannot be deleted or modified. |
| Do Not Delete | * | Cannot Delete | The resources can be altered, but can't be deleted. Not Locked resources can be added, moved, changed, or deleted from this resource group. |

https://learn.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking#locking-modes-and-states

Tags are not included in read only.

hfk2020

N - existing resource
Y - reason stated in the link (read only lock via Blueprints do not apply on tags)
N - readonly lock applies

datz

100 % - The resource group is read only and all its properties, EXCEPT FOR TAGS :) MEANING - tags can be modified

Jimmy500

Here, as a first step, we need to know that Azure Blueprints does not affect resources that existed before its assignment. In this configuration we assign it to RG2, and RG1 already exists, so nothing will affect RG1.
Box-1: No, RG1 already exists.
Box-2: No, RG2 is created with the blueprint and it is read only, which is why we cannot add anything there.
Box-3: We cannot remove the role of User1 as RG2 is read only.
All in all, the answer here will be NO, NO, NO.
BR

wardy1983

1. Blueprint doesn't work on existing resources.
2. RG2 is read-only and "The resource group is read only and tags on the resource group can't be modified."
3. The newly created RG2 is read-only and nothing can be changed before you change/delete the blueprint assignment.

heatfan900

Resource locks deployed by Azure Blueprints are only applied to non-extension resources deployed by the blueprint assignment. Existing resources, such as those in resource groups that already exist, don't have locks added to them.

thienvupt

Correct answer