Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam

Exam AZ-103 topic 1 question 21 discussion

Actual exam question from Microsoft's AZ-103
Question #: 21
Topic #: 1
[All AZ-103 Questions]

You have a resource group named RG1. RG1 contains an Azure Storage account named storageaccount1 and a virtual machine named VM1 that runs Windows
Server 2016. Storageaccount1 contains the disk files for VM1.
You apply a ReadOnly lock to RG1.
What can you do from the Azure portal?

  • A. Generate an automation script for RG1.
  • B. View the keys of storageaccount1.
  • C. Start VM1.
  • D. Upload a blob to storageaccount1.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.
ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Incorrect Answers:
C: A ReadOnly lock on a resource group that contains a virtual machine prevents all users from starting or restarting the virtual machine. These operations require a POST request.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
msftfan
Highly Voted 4 years, 7 months ago
A is correct
upvoted 50 times
baobabko
4 years, 4 months ago
Tried and it works - can export template for locked Storage Account. Cannot view keys. (POST requests are not allowed on a resource with ReadOnly lock)
upvoted 7 times
...
praveen97
4 years, 3 months ago
Agree with msftfan. A is correct answer. I have tried in my tenant. I am able to export the template and generate the automation script for Resource Group. With ReadOnly lock, we can't view the keys in storage account. Tested this as well.
upvoted 3 times
...
chaudha4
3 years, 4 months ago
Even A is not possible. I put a read lock on the Resource group. Went to the deployments tab. Selected the deployment and clicked "View template" and got the error below. Error goes away if I remove the read lock on RG. ------- The scope '/subscriptions/../resourceGroups/rg-vm1/providers/Microsoft.Resources/deployments/CreateVm-canonical.0001-com-ubuntu-server-focal-2-20210526134944' cannot perform write operation because following scope(s) are locked: '/subscriptions/.../resourceGroups/rg-vm1'. Please remove the lock and try again. (Code: ScopeLocked)
upvoted 1 times
chaudha4
3 years, 4 months ago
I stand corrected. I was using the wrong tab. The correct tab would be under "Automation" call "Export Template". I am able to export the template with read -lock on RG. So A is the right answer.
upvoted 4 times
...
...
...
MedRaito
Highly Voted 4 years, 6 months ago
Hey All, I just tested the scenario, when locking RG you cannot acces to the Keys but you can generate the automation script. So the answer is : A
upvoted 17 times
...
tashakori
Most Recent 6 months, 3 weeks ago
A is correct
upvoted 1 times
...
Amir1909
8 months ago
A is correct
upvoted 1 times
...
Jhinga
3 years, 1 month ago
A read-only lock on a storage account prevents users from listing the account keys. The Azure Storage List Keys operation is handled through a POST request to protect access to the account keys, which provide complete access to data in the storage account. When a read-only lock is configured for a storage account, users who don't have the account keys must use Azure AD credentials to access blob or queue data. A read-only lock also prevents the assignment of Azure RBAC roles that are scoped to the storage account or to a data container (blob container or queue). So B, C, D are incorrect. We are left with A, seems to be correct.
upvoted 2 times
...
Lkk51
3 years, 4 months ago
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json A read-only lock on a storage account prevents users from listing the account keys. The Azure Storage List Keys operation is handled through a POST request to protect access to the account keys
upvoted 1 times
...
I
3 years, 8 months ago
Well, if the question ReadOnly lock is working on RG1, then here need automation script. So option A is correct. But if the question is ReadOnly lock to Storageaccount1, option B is correct. Therefore, check the question carefully when doing the exam. I do belive every time, they only slightly change one or two key words from the question then the answer is different.
upvoted 1 times
I
3 years, 8 months ago
Alright, I change my mind. Most of us didn't check the question clearly including me! The question says that RG1 has been lock as ReadOnly then what can you do from Azure Potal? Of course, we can do nothing but viewing... Sorry for the incorrect reply at previous.
upvoted 1 times
...
...
rich59
3 years, 8 months ago
Tested on my subscription 1. I could not start a VM in resource group 2. I could not upload a blob to the storage account 3. I could not generate an automation script 4. I COULD VIEW KEYS OF STORAGE ACCOUNT
upvoted 3 times
...
ms70743
3 years, 9 months ago
A is correct answer
upvoted 1 times
...
Thi
3 years, 11 months ago
A. Generate an automation script for RG1.
upvoted 1 times
...
Thi
3 years, 11 months ago
A. Generate an automation script for RG1.
upvoted 1 times
...
deepualan
4 years, 1 month ago
A read-only lock on a storage account prevents all users from listing the keys. The list keys operation is handled through a POST request because the returned keys are available for write operations.
upvoted 1 times
...
Saman2020
4 years, 1 month ago
Put a Read Only lock on a Stg Acct and it didn’t let me to see the Keys! I thought this is a Read action!
upvoted 1 times
...
eumevito
4 years, 1 month ago
Answer is A.. tested here also. I was not able to View the keys.
upvoted 1 times
...
Gbala
4 years, 1 month ago
Tested it... I was not able to view the storage keys and was not able to start the VM with reader access... but i was able to export the JSON script for automation ,... so definitely the answer is "A"
upvoted 2 times
Gbala
4 years, 1 month ago
ignore my previous comment.. was confused with the reader access and reader lock... with applying reader-lock on my resource group I was able to view the keys... so answer is "B"
upvoted 1 times
...
...
KaiserdomTW
4 years, 2 months ago
A. Generate an automation script for RG1. Is the answer, proof on 20200712
upvoted 2 times
...
narru
4 years, 2 months ago
Which one is correct? Ans A OR B?
upvoted 1 times
manishkhare
4 years, 2 months ago
A is correct. List Keys require a post request which will not be allowed for ReadOnlyLock https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...