ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 4 question 62 discussion

Actual exam question from Microsoft's AZ-500
Question #: 62
Topic #: 4
[All AZ-500 Questions]

HOTSPOT -
You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for
RG1.
You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit.

You assign Blueprint1 to Subscription1 by using the following settings:
✑ Lock assignment: Read Only
✑ Managed Identity: System assigned
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
by thienvupt at Oct. 4, 2021, 3:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Daniel9527
Highly Voted 3 years, 7 months ago
No/No/No 1. Blueprint doesn't work on existing resources. 2. RG2 is read-only and "The resource group is read only and tags on the resource group can't be modified. " 3. The newly created RG2 is read-only and nothing can be changed before you changed/deleted blueprint assignment.
upvoted 48 times
Tonion
3 years, 7 months ago
I read it once again and agree with Daniel. RG2 doesn't exist , thus Blueprint will create it with read-only lock. It means that the tag contributor role is for nothing :)
upvoted 5 times
...
...
dimaste
Highly Voted 3 years, 8 months ago
No-Yes-No Blueprint locks don't work on the existing resources "Resource locks deployed by Azure Blueprints are only applied to non-extension resources deployed by the blueprint assignment. Existing resources, such as those in resource groups that already exist, don't have locks added to them."
upvoted 12 times
alialiba
3 years, 8 months ago
Why the 2nd answer is Yes. The below statement seems suggesting the user cannot modify the tag. "The resource group is read only and tags on the resource group can't be modified. " https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
upvoted 6 times
ceejay12
1 year ago
This has changed. In the same link, it now states that "The resource group is read only and all its properties, except for tags, can't be modified. Not Locked resources can be added, moved, changed, or deleted from this resource group."
upvoted 2 times
...
...
...
hisham30
Most Recent 10 months, 1 week ago
It should be NO,NO,NO we cannot add tags while read only lock in place..just tested
upvoted 1 times
...
pentium75
11 months ago
No - Blueprint doesn't change existing resources and definition does not mention RG1 Yes - Tags are excluded from read-only lock No - because of Blueprint with read-only lock
upvoted 1 times
Viggy1212
8 months, 4 weeks ago
When Read-Only lock is present, you cannot add Tag. I tested it. {"details":[{"code":"ScopeLocked","message":"The scope '/subscriptions/xx/resourceGroups/ResGroup1/providers/Microsoft.Resources/tags/default' cannot perform write operation because following scope(s) are locked: '/subscriptions/xx/resourceGroups/ResGroup1'. Please remove the lock and try again."}]}
upvoted 2 times
...
...
Jimmy500
11 months, 3 weeks ago
Here as a first step, we need to know Azure BluePrint does not affect existing resource before the assignment of it. In this configuration we assign it to the RG2 and RG1 is already exists and nothing will not affect RG1. Box-1 No, rg1 is already exist. Box-2 rg2 is created with blueprint that and it is in read only that is why we cannot add anything there -No Box-3 We cannot remove the role of User1 as RG2 is in the read only. All in all, answer will be here NO, NO, NO BR
upvoted 1 times
Jimmy500
11 months, 1 week ago
Hey guys , sorry I made a mistake in the option 2 I adjusted it for me and I decided I should fix it for you as well . Please find below: Here as a first step, we need to know Azure BluePrintLOCK does not affect existing resource before the assignment of it. In this configuration we assign it to the RG2 and RG1 already exists and nothing will not affect RG1. Box-1 No, rg1 already exists. Box-2 rg2 is created with blueprint that and it is in read only, however we need to bear in our mind that adding tags can be happen even if we have read only blueprint, blueprint does not affect tags but affects all other properties. So, we can only change the tags, but other properties will be same. Box-3 We cannot remove the role of User1 as RG2 is in the read only. All in all, answer will be here NO, Yes, NO
upvoted 1 times
...
...
[Removed]
1 year, 6 months ago
Mode Artifact Resource Type State Description Don't Lock * Not Locked Resources aren't protected by Azure Blueprints. This state is also used for resources added to a Read Only or Do Not Delete resource group artifact from outside a blueprint assignment. Read Only Resource group Cannot Edit / Delete The resource group is read only and all its properties, except for tags, can't be modified. Not Locked resources can be added, moved, changed, or deleted from this resource group. Read Only Non-resource group Read Only Except for tags, the resource remains unalterable and cannot be deleted or modified. Do Not Delete * Cannot Delete The resources can be altered, but can't be deleted. Not Locked resources can be added, moved, changed, or deleted from this resource group. https://learn.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking#locking-modes-and-states Tags are not included in read only
upvoted 3 times
[Removed]
1 year, 6 months ago
N existing resource Y reason stated in the link (read only lock via Blueprints do not apply on tags) N readonly lock applies
upvoted 4 times
datz
1 year ago
100 % - The resource group is read only and all its properties, EXCEPT FOR TAGS :) MEANING - tags can be modified
upvoted 2 times
...
...
...
wardy1983
1 year, 8 months ago
1. Blueprint doesn't work on existing resources. 2. RG2 is read-only and "The resource group is read only and tags on the resource group can't be modified. " 3. The newly created RG2 is read-only and nothing can be changed before you changed/deleted blueprint assignment.
upvoted 1 times
...
heatfan900
1 year, 11 months ago
Resource locks deployed by Azure Blueprints are only applied to non-extension resources deployed by the blueprint assignment. Existing resources, such as those in resource groups that already exist, don't have locks added to them.
upvoted 1 times
...
zellck
2 years, 1 month ago
NNN is the answer. https://learn.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking Resource locks deployed by Azure Blueprints are only applied to non-extension resources deployed by the blueprint assignment. Existing resources, such as those in resource groups that already exist, don't have locks added to them. https://learn.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking#locking-modes-and-states
upvoted 5 times
...
majstor86
2 years, 3 months ago
NO YES NO
upvoted 4 times
...
Muaamar_Alsayyad
2 years, 8 months ago
Given answer is correct No/YEs/NO Just tested on lab
upvoted 4 times
Muaamar_Alsayyad
2 years, 8 months ago
I meant Given answer is wrong
upvoted 3 times
...
...
Siwel72
3 years, 5 months ago
Blueprints not in exam objectives as of 29th Sept 2021, just checked, so should not appear in exam then, correct? if so, moderator, please remove.
upvoted 4 times
cfsxtuv33
3 years, 5 months ago
You are correct, I looked over the exam objectives myself and blueprints have a big red line going through it which indicates that it has been removed from the exam.
upvoted 2 times
...
koreshio
2 years, 8 months ago
thanks for pointing this out. going by the 'AZ-500 study guide' mentioned below, I don't see Blueprints mentioned anywhere on it either, although the MS coursework does go into it. https://learn.microsoft.com/en-us/certifications/exams/az-500
upvoted 2 times
...
...
GQ
3 years, 8 months ago
- A locking mode of Read only will be assigned to RG1 -> No, Blueprint1 has no configuration related to RG1. - User1 can add tags to RG2 -> Yes, Since Resource locks deployed by Azure Blueprints does not apply to Existing resources such as resource groups. - You can remove User1 from the tag contributor role of RG2 -> No, user who can create a blueprint might not have the permission to amend other user role.
upvoted 4 times
...
thienvupt
3 years, 8 months ago
Correct answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel