Home AZ-104 Azure Administrator Exam Preparation Quiz Q22

Exam Preparation Quiz

Question 22 of 75

Deploy Resources To Resource Group With ReadOnly Lock

MDFT Pro, a well-known training agency, has implemented a comprehensive infrastructure governance strategy using ARM templates with resource locks. As the newly hired infrastructure security manager for MDFT Pro, you have deployed resource groups with different protection levels to ensure proper separation between development and production environments for their learning management systems under direction from Mark, the Technical Platform Lead.

The ARM template creates three resource groups where RG1 has a “CanNotDelete” lock allowing modifications while preventing accidental deletion, and RG2 has a “ReadOnly” lock to maintain a stable production environment for their critical student assessment platform. This ReadOnly lock ensures that no unauthorized changes can be made to the production infrastructure hosting thousands of student examinations.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Resources/resourceGroups",
      "apiVersion": "2018-05-01",
      "location": "eastus",
      "name": "[concat('RG', copyIndex())]",
      "copy": {
        "name": "copy",
        "count": 3
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "lockDeployment",
      "resourceGroup": "RG1",
      "dependsOn": ["[resourceId('Microsoft.Resources/resourceGroups/', 'RG1')]"],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": {},
          "variables": {},
          "resources": [
            {
              "type": "Microsoft.Authorization/locks",
              "apiVersion": "2016-09-01",
              "name": "rgLock",
              "properties": {
                "level": "CanNotDelete"
              }
            }
          ]
        }
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "lockDeployment",
      "resourceGroup": "RG2",
      "dependsOn": ["[resourceId('Microsoft.Resources/resourceGroups/', 'RG2')]"],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": {},
          "variables": {},
          "resources": [
            {
              "type": "Microsoft.Authorization/locks",
              "apiVersion": "2016-09-01",
              "name": "rgLock",
              "properties": {
                "level": "ReadOnly"
              }
            }
          ]
        }
      }
    }
  ],
  "outputs": {}
}

After deploying this template using New-AzDeployment -Location westus -TemplateFile "deploy.json", can you deploy a virtual machine to RG2?

Choose the correct answer from the options below.

Explanations for each answer:

Learn More About Azure Resource Locks:
Azure Resource Lock Types
Next Question