ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 15 question 1 discussion

Actual exam question from Microsoft's AZ-500
Question #: 1
Topic #: 15
[All AZ-500 Questions]

HOTSPOT -
You assign User8 the Owner role for RG4, RG5, and RG6.
In which resource groups can User8 create virtual networks and NSGs by using the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: RG6 only -
The policy does not allow the creation of virtual networks/subnets in RG5. Only NSGs can be created in RG4.
Box 2: The policy does not allow the creation of NSGs in RG5.

Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
by Jco at Sept. 30, 2021, 1:55 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
bogard
Highly Voted 3 years, 10 months ago
It should be RG4 on the first box, and RG4 and RG6 on the second box
upvoted 19 times
JBS
3 years, 10 months ago
In RG4 only allowed resrource type is NSG which is not a requirement in first box. R6 is the right answer.
upvoted 32 times
...
billo79152718
2 years, 3 months ago
Correct. Guys look at the Policy definition for RG6. Not allowed resource types is: virtualNetworks/virtualNetworkPeerings So for Box1: It is: RG4 only As most of you also mention RG5 has not allowed resource types: vitrualNetowkrs/subents Same goes for RG6 on the resource type section.
upvoted 1 times
...
epomatti
1 year, 7 months ago
Box1: RG5, RG6 Creating a subnet is optional when creating a VNET. You can create only the VNET and the policy will allow it. Tested in lab.
upvoted 5 times
...
...
wsrudmen
Highly Voted 2 years, 10 months ago
Box 1: RG6 only - The policy does not allow the creation of virtual networks/subnets in RG5. Only NSGs can be created in RG4. RG4 allows only NSG, so No VNET allowed RG5 prevents from NSG creation and from Subnet, so supposed VNET (even without subnet) is KO RG6 excludes only NetworkPeerings so it's OK as he has the owner role Box 2: RG4 and RG6 only - The policy does not allow the creation of NSGs in RG5. RG4 allows only NSG, so OK RG5 prevents from NSG creation, so KO RG6 excludes only NetworkPeerings so it's OK for NSG as he has the owner role
upvoted 13 times
epomatti
1 year, 7 months ago
Box1: RG5, RG6 Creating a subnet is optional when creating a VNET. You can create only the VNET and the policy will allow it. Tested in lab.
upvoted 4 times
...
...
saira23
Most Recent 1 year ago
In Exam20/07/2024
upvoted 2 times
...
Jimmy500
1 year, 1 month ago
Let’s analyze one by one for the boxes. RG4 has policy definition that has Allowed Resource Type value that only allows Resource Type which is newtorkSecurityGroups that is why inside RG4 besides Network Security group we can not create any other resource. RG5, has NotAllowedResourceType which does not allow to create virtual network subnet inside the resource group, however question in box-1 one asks about can we create vnet ? Yes, we can but we will create it without subnet when we create vnet in the portal near to the name of Default Subnet there is delete icon as well we can delete it and create vnet without subnet. However inside this RG5 we will not able to create network security group as we see this is also in the not allowed resource type for this resource group.
upvoted 2 times
Jimmy500
1 year, 1 month ago
RG6, inside this resource group except vnet peering we will be able to create to vnet and network security groups as. Based on that the answer for the first box will be. RG5, RG6. For the second box answer will be RG4, RG6. Allowed Resource Type (Deny): Defines the resource types that you can deploy. Its effect is to deny all resources that aren't part of this defined list. BOX-1 RG5/RG6 BOX-2 RG4/RG6 BR
upvoted 5 times
Hot_156
5 months, 3 weeks ago
That is not how Azure policy works. If there is not an explicit denial, it won't deny anything else. Azure works on explicit allow/deny. BOX1 - RG4 BOX2 -RG4 and RG6
upvoted 1 times
Hot_156
5 months, 2 weeks ago
Ignore this comment. :)
upvoted 1 times
...
...
...
...
arturogomezb
1 year, 6 months ago
Box1:5,6 --> Not allowed resource types:virtualNetworks/subnets. This will not allow us to create any subnet. Hence from the Azure portal, we can create any VNet inside WhizlabRg5 with reason:when we create a VNet from azure portal, by default, a subnet is created.But we can create a VNet without any subnet from CLI o PowerShell
upvoted 2 times
arturogomezb
1 year, 6 months ago
Sorry, Box 1:Only 6 because the question specify from Azure portal, no CLI or PowerShell
upvoted 1 times
...
...
Ivan80
1 year, 6 months ago
In exam 1/28/24
upvoted 4 times
...
epomatti
1 year, 7 months ago
Box1: RG5, RG6 Creating a subnet is optional when creating a VNET. You can create only the VNET and the policy will allow it. Tested in lab.
upvoted 2 times
...
wardy1983
1 year, 9 months ago
Explanation: Box 1: RG6 only - The policy does not allow the creation of virtual networks/subnets in RG5. Only NSGs can be created in RG4. Box 2: The policy does not allow the creation of NSGs in RG5.
upvoted 1 times
...
TheProfessor
1 year, 10 months ago
Answers are correct.
upvoted 2 times
...
fireb
1 year, 11 months ago
Answer for Box 1 should be: RG5 and RG6 only. Explanation: - RG4: Policy allows creation of NSGs, but nothing else. - RG5: Policy does NOT allow creation of NSGs and specifically subnets, but allows creation of other resources including VNets. - RG6: Policy does NOT allow creation of VNet Peering, but allows creation of other resources. Answer for Box 2 should be: RG4 and RG6 only. Explanation: - RG4: Policy allows creation of NSGs, but nothing else. - RG5: Policy does NOT allow creation of NSGs and subnets, but allows creation of other resources. - RG6: Policy does NOT allow creation of VNet Peering, but allows creation of other resources including NSGs.
upvoted 2 times
...
Alexbz
2 years, 2 months ago
It should be RG4 and RG6 for both, For creating the VNet, While the policy allows the creation and management of network security groups in RG4, it does not directly address the creation of virtual networks. Therefore, the creation of virtual networks should be allowed by default in RG4. For RG6, the policy specifically prohibits the creation or modification of virtual network peerings but It does not mention anything about the creation of virtual networks themselves. As there is no explicit restriction on the creation of virtual networks, the creation of virtual networks should be allowed in RG6. For the second part, creation of Network security group only being denied on RG5 and it's allowed for both RG4 and RG6.
upvoted 1 times
...
Cock
2 years, 2 months ago
in exam 20.05.2023
upvoted 2 times
...
zellck
2 years, 3 months ago
1. RG6 only 2. RG4 and RG6 https://learn.microsoft.com/en-us/azure/governance/policy/overview#policy-definition - Allowed Resource Type (Deny): Defines the resource types that you can deploy. Its effect is to deny all resources that aren't part of this defined list - Not allowed resource types (Deny): Prevents a list of resource types from being deployed.
upvoted 7 times
zellck
2 years, 3 months ago
Gotten this in May 2023 exam.
upvoted 2 times
...
...
majstor86
2 years, 5 months ago
VNETs: RG6 only NSGs: RG4 and RG6
upvoted 5 times
...
Ajdlfasudfo0
2 years, 6 months ago
Box1: 6 only Box2: 4 & 6
upvoted 2 times
...
ltjones12
2 years, 7 months ago
#1 is RG4 only, VNETS are allowed, no locks. RG6 is wrong since vnets are not allowed #2 is correct... RG4 & RG6
upvoted 1 times
...
Nick66
2 years, 9 months ago
Allowed resource types: Defines the resource types that you can deploy. Its effect is to deny all resources that aren’t part of this defined list (Allow NSG in RG4, implicit deny RG5, RG6) Not allowed resource types: Prevents a list of resource types from being deployed (Deny NSG in RG5) Box1: RG4, RG5, RG6 Box2: RG4
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel