HOTSPOT -
You need to deploy Microsoft Antimalware to meet the platform protection requirements. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Suggested Answer:
Scenario: Microsoft Antimalware must be installed on the virtual machines in RG1. RG1 is a resource group that contains Vnet1, VM0, and VM1.
Box 1: DeployIfNotExists -
DeployIfNotExists executes a template deployment when the condition is met.
Azure policy definition Antimalware
Incorrect Answers:
Append:
Append is used to add additional fields to the requested resource during creation or update. A common example is adding tags on resources such as costCenter or specifying allowed IPs for a storage resource.
Deny:
Deny is used to prevent a resource request that doesn't match defined standards through a policy definition and fails the request.
Box 2: The Create a Managed Identity setting
When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity. Azure Policy creates a managed identity for each assignment, but must have details about what roles to grant the managed identity.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
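The following is an added example, not part of the exam page or of Microsoft's documentation: a small pre-deployment check of the pieces the suggested answer and the discussion below turn on (the roleDefinitionIds in the definition, the managed identity on the assignment, and a scope limited to RG1). The subscription ID, role GUID, definition ID and location are placeholders, and `lint`, `effect_of` and `make_assignment` are hypothetical helper names.

```python
import json
import re

# Constructed sample: trimmed deployIfNotExists definition. IDs are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG1 = SUB + "/resourceGroups/RG1"
DEFINITION = json.loads("""
{"properties": {
  "parameters": {"effect": {"type": "String", "defaultValue": "DeployIfNotExists"}},
  "policyRule": {
    "if": {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
    "then": {"effect": "[parameters('effect')]", "details": {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "roleDefinitionIds": ["/providers/Microsoft.Authorization/roleDefinitions/<role-guid>"],
      "existenceCondition": {"field": "Microsoft.Compute/virtualMachines/extensions/type", "equals": "IaaSAntimalware"},
      "deployment": {"properties": {"mode": "incremental", "template": {}}}
}}}}}
""")

def make_assignment(scope, identity_type="SystemAssigned", location="westeurope"):
    """Constructed assignment body; the definition ID is a placeholder."""
    return {"location": location, "identity": {"type": identity_type},
            "properties": {"scope": scope, "policyDefinitionId": "<definition-id>"}}

def effect_of(defn):
    """Resolve the effect, following a [parameters('x')] reference to its default."""
    props = defn["properties"]
    effect = props["policyRule"]["then"]["effect"]
    m = re.fullmatch(r"\[parameters\('(\w+)'\)\]", effect)
    if m:
        effect = props.get("parameters", {}).get(m.group(1), {}).get("defaultValue", "")
    return effect.lower()

def lint(defn, assign, required_scope):
    """Return findings that would block or mis-target deployIfNotExists remediation."""
    if effect_of(defn) != "deployifnotexists":
        return []
    findings = []
    details = defn["properties"]["policyRule"]["then"].get("details", {})
    if not details.get("roleDefinitionIds"):
        findings.append("definition: roleDefinitionIds missing")
    if assign.get("identity", {}).get("type", "None") == "None":
        findings.append("assignment: no managed identity")
    elif not assign.get("location"):
        findings.append("assignment: identity set but location missing")
    scope = assign["properties"]["scope"].rstrip("/").lower()
    if scope != required_scope.lower():
        findings.append("assignment: scope is not the required resource group")
    return findings
```

Calling `lint(DEFINITION, make_assignment(SUB, identity_type="None"), RG1)` reports both the missing identity and the subscription-wide scope.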
Doesn't DeployIfNotExists require a managed identity?
I understand the scope is important, but following the order, what comes first?
1. DeployIfNotExists
2. Managed Identity
3. Scope
Explanation:
Scenario: Microsoft Antimalware must be installed on the virtual machines in RG1.
RG1 is a resource group that contains Vnet1, VM0, and VM1.
Box 1: DeployIfNotExists -
DeployIfNotExists executes a template deployment when the condition is met.
Azure policy definition Antimalware
Incorrect Answers:
Append:
Append is used to add additional fields to the requested resource during creation or update. A common
example is adding tags on resources such as costCenter or specifying allowed IPs for a storage resource.
Deny:
Deny is used to prevent a resource request that doesn't match defined standards through a policy definition
and fails the request.
Box 2: THE SCOPE
scope as generally it will be applied on Sub but you need to change it to RG as per requirements
Box2 is Correct
Similar to AuditIfNotExists, a DeployIfNotExists policy definition executes a template deployment when the condition is met. Policy assignments with effect set as DeployIfNotExists require a managed identity to do remediation.
Also in managed identity you will define type of identity and scope.
Link:
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects#deployifnotexists
Answer is correct
"a DeployIfNotExists policy definition executes a template deployment when the condition is met. Policy assignments with effect set as DeployIfNotExists require a managed identity to do remediation"
A scope is also required but a scope follows after managed identity
Based on https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects#deployifnotexists-properties DeploymentScope and ExistenceScope are optional. Moreover, the default value is Resource group.
On the other hand, roleDefinitionIds is a required parameter where we define "role-based access control role ID accessible by the subscription". I believe it's what they meant by "Create a Managed Identity setting"
Vague question.
When you create ASSIGNMENT
1) you CAN configure Scope (Subscription and/or RG). By default the scope is set to the Sub where you reside.
2) you CAN NOT configure the "Create a Managed Identity" permission and you CAN NOT deactivate it. You can configure "Managed Identity location" but it has a default value so you don't have to configure it.
Correct,
Box 2: The Create a Managed Identity setting
When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity. Azure Policy creates a managed identity for each assignment, but must have details about what roles to grant the managed identity.
For me box2 is Scope.
When you're assigning the create policy, the first row of the first screen asks you about scope. Also, the "Create Managed Identity" checkbox is checked by default for DeployIfNotExists.
Box 2 scope as generally it will be applied on Sub but you need to change it to RG as per requirements
upvoted 10 times
benito_nepomuceno (Highly Voted, 4 years, 1 month ago)
vijeet (Highly Voted, 4 years ago)
pentium75 (9 months ago)
wardy1983 (Most Recent, 1 year, 5 months ago)
_punky_ (1 year, 6 months ago)
majstor86 (2 years, 2 months ago)
subhuman (3 years, 2 months ago)
Tonion (3 years, 5 months ago)
kakakayayaya (3 years, 8 months ago)
kakakayayaya (3 years, 8 months ago)
thienvupt (3 years, 10 months ago)
kumax (3 years, 10 months ago)
alexk0 (3 years, 11 months ago)
dadageer (4 years, 1 month ago)