This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Answer the following questions to check your understanding of Azure Policy and resource locks.
A security engineer assigns an Azure Policy definition with the DeployIfNotExists effect. Existing resources in the subscription don't meet the policy requirement. What must the engineer do to bring those resources into compliance?
Wait for the policy evaluation cycle to automatically remediate the resources.
Create a remediation task that triggers the DeployIfNotExists deployment against the noncompliant resources.
Change the policy effect to Deny so that Azure Policy blocks and replaces the noncompliant resources.
Delete and redeploy each noncompliant resource to trigger the policy evaluation.
A security engineer applies a Delete lock to a production Azure virtual network. A network administrator with the Owner role attempts to delete the network. What is the result?
The delete succeeds because the Owner role overrides resource locks.
The delete is blocked. Resource locks override all RBAC role assignments, including Owner.
The delete succeeds after the administrator reauthenticates with multifactor authentication.
The delete is blocked only if the lock was applied at the subscription scope.
Contoso's security team receives a request to exempt a storage account from a policy that requires HTTPS-only access. The account uses a legacy application, and the network team confirmed that a compensating network control routes all traffic through an encrypted gateway. Which exemption category should the security engineer select?
Waiver—the policy risk is accepted and will be addressed in a future release.
Mitigated—an alternative control addresses the same risk that the policy is designed to prevent.
In grace period—the resource needs more time to become compliant.
Disabled—the policy definition should be disabled for this resource group.
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?