This blog post is the fourteenth blog Microsoft Azure Fundamentals Certification Series(AZ-900) of Topic 3: Security Services.
If you have not gone through the previous Topic 3.3 Microsoft Azure Security Services then read it here
In this blog post, we’ll cover Topic 3.4 Microsoft Azure Governance which includes Azure Blueprints & Azure Policy.
Microsoft Azure provides governance features and services
- Azure Blueprints
- Azure Policy
Azure Blueprints
- Azure Blueprints like architectural blueprints, define Azure resources that implement an organization’s standards, patterns, and requirements.
- By leveraging Azure Blueprints, engineers can quickly build and deploy new environments.
- Azure Blueprints provides a mechanism that allows you to create and update artifacts (like policies, RBAC, resource group, ARM templates) and assign them to environments and version them.
RBAC is Azure’s role-based access control, a system that provides access management of Azure resources. Using Azure RBAC, one can segregate duties within the team and grant only the amount of access to users that they need to perform their role.
Azure Policy
- Azure Policy is a service that you use to create, assign, and manage policies.
- These policies enforce rules on resources so those resources stay compliant with your corporate standards and service-level agreements.
- Policies enforce tagging for resources and resource groups and restrict regions for deployed resources.
Sample Questions
Here are a few sample questions from the Microsoft Azure Fundamentals Certification Exam[AZ-900] that you should be able to solve after reading this blog.
Q 1: You have a resource group named RG1. You plan to create virtual networks and app services in RG1. You need to prevent the creation of virtual machines only in RG1. What should you use?
A. a lock
B. an Azure role
C. a tag
D. an Azure policy
Correct Answer: A
References: Click here
Q 2. Your company has an Azure environment that contains resources in several regions. A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located. You need to create the Azure resource that must be used to meet the policy requirement. What should you create?
A. a read-only lock
B. an Azure policy
C. a management group
D. a reservation
Correct Answer: B
Related/References
- [AZ-900] Microsoft Azure Certification Fundamental Exam: Everything You Must Know
- Learn how to create a Free Microsoft Azure Trial Account
- [AZ-900] Microsoft Azure Fundamentals: Topic 1.1 Overview & Benefits
- Topic 2.1 Azure Architecture: Region, Availability Zone & Geography
- How to Register For [AZ-900] Microsoft Azure Fundamentals Certification Exam
- Topic 3.1 Microsoft Azure Secure Network Connectivity: Firewall, DDOS, & NSG
- Topic 3.2 Microsoft Azure Core Identity Services: AD & MFA
- Topic 3.3 Microsoft Azure Security Services: Security Center, Key Vault, AIP & ATP
Next Task For You
Begin your journey toward Mastering Azure Cloud and landing high-paying jobs. Just click on the register now button on the below image to register for a Free Class on Mastering Azure Cloud: How to Build In-Demand Skills and Land High-Paying Jobs. This class will help you understand better, so you can choose the right career path and get a higher paying job.
Leave a Reply