HOTSPOT – You need to design an Azure policy that will implement the following functionality: ✑ For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed. ✑ For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources. ✑ For any non-compliant resources, trigger auto-generated remediation…

Admin Staff asked 7 months ago
HOTSPOT -
You need to design an Azure policy that will implement the following functionality:
✑ For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed.
✑ For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources.
✑ For any non-compliant resources, trigger auto-generated remediation tasks to create missing tags and values.
The solution must use the principle of least privilege.
What should you include in the design? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer: 

Box 1: Modify
Modify is used to add, update, or remove properties or tags on a subscription or resource during creation or update. A common example is updating tags on resources such as costCenter. Existing non-compliant resources can be remediated with a remediation task. A single Modify rule can have any number of operations. Policy assignments with effect set as Modify require a managed identity to do remediation.
Incorrect:
* The following effects are deprecated: EnforceOPAConstraint and EnforceRegoPolicy.
* Append is used to add additional fields to the requested resource during creation or update. A common example is specifying allowed IPs for a storage resource. Append is intended for use with non-tag properties. While Append can add tags to a resource during a create or update request, it's recommended to use the Modify effect for tags instead.
Box 2: A managed identity with the Contributor role
The managed identity needs to be granted the appropriate roles required for remediating resources.
Contributor - Can create and manage all types of Azure resources but can't grant access to others.
Incorrect:
User Access Administrator: lets you manage user access to Azure resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
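
A custom policy definition of the kind the answer describes, added here as an example and not taken from the original page: it uses the Modify effect to copy one tag from the resource group and names the role the remediation identity needs. The `tagName` parameter and the display text are assumptions made for illustration, and one assignment handles one tag name.

```json
{
  "properties": {
    "displayName": "Added example: inherit a tag from the resource group",
    "description": "Illustrative custom definition, not taken from the page. One assignment covers one tag name.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag name",
          "description": "Assumed parameter: name of the tag to copy, such as costCenter"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "notEquals": "[resourceGroup().tags[parameters('tagName')]]"
          },
          {
            "value": "[resourceGroup().tags[parameters('tagName')]]",
            "notEquals": ""
          }
        ]
      },
      "then": {
        "effect": "modify",
        "details": {
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "operations": [
            {
              "operation": "addOrReplace",
              "field": "[concat('tags[', parameters('tagName'), ']')]",
              "value": "[resourceGroup().tags[parameters('tagName')]]"
            }
          ]
        }
      }
    }
  }
}
```

The `if` block is what flags existing resources whose tag value differs from the resource group's, and the `operations` list is applied on create or update requests and by remediation tasks. The GUID in `roleDefinitionIds` is the built-in Contributor role, which is the role granted to the assignment's managed identity.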

This question is in AZ-305 Exam
For getting Azure Solutions Architect Expert Certificate
