HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
The status of VM1 is Running.
You assign an Azure policy as shown in the exhibit. (Click the Exhibit tab.)
You assign the policy by using the following parameters:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Not allowed resource types (Deny): Prevents a list of resource types from being deployed. This means this policy specifically prevents a list of resource types from being deployed. So that refers that except deployment all the other operations like start/stop or move etc. are not prevented. But to be noted if the resource already exists, it just marks it as non-compliant.
Replicated this scenario in LAB keeping VM running and below are the outcome:
– VM is not deallocated
– Able to stop and start VM successfully.
– Not able to create new virtual network or VM.
– Not able to modify VM size.
– Not able change the address space of the virtual network.
– Successfully moved virtual network and VM in another resource group.
Statement 1: Yes
Based on above experiment the policy will mark the VNET1 as non-compliant but it can be moved
to RG2. Hence this statement is true.
Statement 2: No
Based on above experiment the policy will mark the VM as non-compliant but it will still be running,
not deallocated. Hence this statement is False.
Statement 3: No
Based on above experiment the address space for VNET2 can not be modified. Hence this statement is False.
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal