Home AZ-104 Azure Administrator Exam Preparation Quiz Q21

Exam Preparation Quiz

Question 21 of 75

Deploy Resources To Resource Group With CanNotDelete Lock

MDFT Pro, a well-known training agency, is implementing infrastructure as code practices to standardize their Azure environment deployments across multiple training centers. As the newly hired DevOps engineer for MDFT Pro, you have created an ARM template named Deploy.json to automatically provision resource groups with appropriate security controls for their educational infrastructure under direction from Mark, the IT Services Coordinator.

The template creates three resource groups (RG0, RG1, RG2) in the East US region and applies different lock levels to control resource management. RG1 receives a “CanNotDelete” lock to protect critical training resources from accidental deletion while still allowing updates, and RG2 gets a “ReadOnly” lock to prevent any modifications to production systems.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Resources/resourceGroups",
      "apiVersion": "2018-05-01",
      "location": "eastus",
      "name": "[concat('RG', copyIndex())]",
      "copy": {
        "name": "copy",
        "count": 3
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "lockDeployment",
      "resourceGroup": "RG1",
      "dependsOn": ["[resourceId('Microsoft.Resources/resourceGroups/', 'RG1')]"],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": {},
          "variables": {},
          "resources": [
            {
              "type": "Microsoft.Authorization/locks",
              "apiVersion": "2016-09-01",
              "name": "rgLock",
              "properties": {
                "level": "CanNotDelete"
              }
            }
          ]
        }
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "lockDeployment",
      "resourceGroup": "RG2",
      "dependsOn": ["[resourceId('Microsoft.Resources/resourceGroups/', 'RG2')]"],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": {},
          "variables": {},
          "resources": [
            {
              "type": "Microsoft.Authorization/locks",
              "apiVersion": "2016-09-01",
              "name": "rgLock",
              "properties": {
                "level": "ReadOnly"
              }
            }
          ]
        }
      }
    }
  ],
  "outputs": {}
}

After deploying this template using New-AzDeployment -Location westus -TemplateFile "deploy.json", can you deploy a virtual machine to RG1?

Choose the correct answer from the options below.

Explanations for each answer:

Learn More About Azure Resource Locks:
Azure Resource Lock Types
Next Question