Your company has 1,000 AI developers who are responsible for provisioning environments in Azure. You need to control the type, size, and location of the resources that the developers can provision. What should you use?
Suggested Answer:B🗳️
When an application needs access to deploy or configure resources through Azure Resource Manager in Azure Stack, you create a service principal, which is a credential for your application. You can then delegate only the necessary permissions to that service principal. References: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-create-service-principals
It is a tricky question !! I think the answer is service Principle WHY? Because the question says to control location and size ..ETC. so first you need to create a service account for developers then you hse azure policy to apply rules on this account.
A service principal must be created in each tenant where the application is used, enabling it to establish an identity for sign-in a... You need to provision resources to a large number- Azure Policy is the best answer
The question is clear and it speaks about provisioning the infra and not about the access related to infra. "You need to control the type, size, and location of the resources that the developers can provision." It speaks about controlling the type, size and location of the resources that developers can provision. Azure policies can control the type size and location for an infra that will be provisioned. This can be provisioned by any user, but what control the infra attributes are the policies. The service principles are only for authentication purpose and they don't enforce such policies. Hence the answer is Azure Policy.
This is tricky,, Def Policy comes in mind at first, But hold on,,,,
For specific only 1000 AI deveoplers ,, since all of them will be having same set of permissions.,,,
So all of those who are saying policy,,,, where are you going to attach that policy (JSON )..???
So, Therefore the best way is to create Azure service principal to which role is assigned using which every AI developer has to login...and on that Role,, policy can be attached.
So correct answer is B.
Azure Policy seems to be the correct answer here. The answer solution doesn't seem to be aligned with the question.
In Azure Policy, we offer several built-in policies that are available by default. For example:
Allowed Storage Account SKUs (Deny): Determines if a storage account being deployed is within a set of SKU sizes. Its effect is to deny all storage accounts that don't adhere to the set of defined SKU sizes.
"Allowed Resource Type (Deny): Defines the resource types that you can deploy. Its effect is to deny all resources that aren't part of this defined list.
Allowed Locations (Deny): Restricts the available locations for new resources. Its effect is used to enforce your geo-compliance requirements.
Allowed Virtual Machine SKUs (Deny): Specifies a set of virtual machine SKUs that you can deploy.
Add a tag to resources (Modify): Applies a required tag and its default value if it's not specified by the deploy request."
Check this link and watch the 23 min video on Azure Policy:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Azure Policy seems to be the correct answer here. The answer solution doesn't seem to be aligned with the question.
Check this link and watch the 23 min video on Azure Policy: https://docs.microsoft.com/en-us/azure/governance/policy/overview
It seems that Azure service principals has such capabilities.
Why are people saying it should only be policy if based here (https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-create-service-principals?view=azs-2005&pivots=state-disconnected):
" Just as a user is represented by a security principal called a user principal, an app is represented by a service principal. The service principal provides an identity for your app, allowing you to delegate only the necessary permissions to the app.
As an example, you may have a configuration management app that uses Azure Resource Manager to inventory Azure resources. In this scenario, you can create a service principal, grant the "reader" role to that service principal, and limit the configuration management app to read-only access."
This section is not available anymore. Please use the main Exam Page.AI-100 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
exam_taker5
Highly Voted 5 years, 10 months agoCodeAnant
5 years, 9 months agomhmad9992
Highly Voted 4 years, 11 months agodanflr
4 years, 5 months agorveney
Most Recent 2 years agoajiejeng
3 years agoJeb
4 years, 2 months agoDANIEL
4 years, 3 months agoSan_S
4 years, 5 months agosrinathparam
4 years, 5 months agoUpsetUser
4 years, 5 months agoaitruthseeker
4 years, 5 months agoaitruthseeker
4 years, 5 months agovalar_morghulis
4 years, 5 months agoAnirudh2020
4 years, 7 months agocombinatronix
4 years, 7 months agosayak17
4 years, 9 months agoNova077
4 years, 9 months agofred777
4 years, 12 months ago