Practice Test
True or False: Azure Policy allows you to create and manage company policies at various scopes.
- True
- False
Answer: True
Explanation: Azure Policy can be scoped to manage policies at the level of the management group, subscription, and resource group, allowing greater flexibility and control.
Which Azure Policy effect allows the modification of existing resources?
- A. Append
- B. Deny
- C. DeployIfNotExists
- D. Modify
Answer: D. Modify
Explanation: Modify effect inside Azure Policy lets you make changes to existing resources to match the policy definitions.
True or False: In Azure Policy, you cannot use custom policy definitions.
- True
- False
Answer: False
Explanation: Azure Policy allows you to use built-in policy definitions as well as custom policy definitions.
The _____________ scope in Azure Policy allows applying a policy to all Azure resources across multiple subscriptions.
- A. Subscription
- B. Management group
- C. Resource group
- D. Tenant
Answer: B. Management group
Explanation: The Management group scope in Azure Policy allows you to apply a policy to all resources in multiple subscriptions.
Multiple Select: Which of the following are built-in effects in an Azure policy definition?
- A. DeployIfNotExists
- B. AuditIfNotExists
- C. Delete
- D. Audit
Answer: A. DeployIfNotExists, B. AuditIfNotExists, D. Audit
Explanation: The built-in effects in an Azure policy definition are Audit, Deny, DeployIfNotExists, AuditIfNotExists, and Disabled.
True or False: Azure Policy can enforce tags and values on resources.
- True
- False
Answer: True
Explanation: Azure Policy can enforce the use of tags and their specific values on Azure resources.
In Azure Policy, policy assignments have the _______ level of precedence.
- A. Highest
- B. Lowest
Answer: A. Highest
Explanation: Policy assignments are the actual implementation of policy definitions and have the highest level of precedence in Azure Policy.
True or False: Azure Policy cannot be used to set permissions and RBAC settings.
- True
- False
Answer: False
Explanation: Azure Policy can define permissions and RBAC settings on resources, helping to manage access control.
Which Azure Policy effect allows resources to be created but flags them for review?
- A. Append
- B. Auditing
- C. Deny
- D. AuditIfNotExists
Answer: B. Auditing
Explanation: The Auditing effect in Azure policy allows resource creation but marks them for review based on the policy rule.
True or False: Azure Policy allows compliance checking for only Azure resources.
- True
- False
Answer: False
Explanation: Azure policy allows compliance checking for Azure resources and Azure DevOps pipelines, and even data in Azure storages, to provide a holistic compliance solution.
In an Azure policy definition, which section describes the necessary conditions for the policy to take effect?
- A. Parameters
- B. If-then condition
- C. Policy rule
- D. Effects
Answer: C. Policy rule
Explanation: Policy rule describes the conditions under which the policy should take effect and the subsequent effect that should take place when the policy rule is evaluated for the target resources.
True or False: Azure Policy evaluates policies in real time.
- True
- False
Answer: True
Explanation: Azure Policy performs policy evaluation for every create or update operation on resources, allowing real-time enforcement.
Which term refers to a combination of conditions in Azure Policy that, when satisfied or unsatisfied, trigger the policy’s effect?
- A. Policy Rule
- B. Policy Assignment
- C. Policy Effects
- D. Policy Parameters
Answer: A. Policy Rule
Explanation: A policy rule in Azure Policy refers to a combination of conditions that when satisfied or not satisfied, trigger the effect defined in the policy.
Which Azure policy effect prevents certain resource operations from being performed by users?
- A. Audit
- B. Deny
- C. Delete
- D. Modify
Answer: B. Deny
Explanation: The Deny effect in Azure policy prevents specific resource operations from being carried out by users.
True or False: The Azure Policy service is region-specific.
- True
- False
Answer: False
Explanation: Azure Policy is a global service and is not tied to any specific region. It applies to all resources across all the regions in a subscription.
Interview Questions
What is Azure Policy?
Azure Policy is a service in Azure used to create, assign and, manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
How is Azure Policy different from Azure Role-Based Access Control (RBAC)?
Azure RBAC is focused on user actions at different scopes, while Azure Policy focuses on resource properties during deployment and for already-existing resources. Azure Policy is a default allow and explicit deny system, while Azure RBAC is a default deny and explicit allow.
What is the role of the ‘Assignments’ in Azure Policy?
An assignment is the association of a definition to a specific scope for enforcement. That scope could range from a management group to a resource group.
What is a policy definition in Azure?
A policy definition expresses what to evaluate and what action to take. For example, you could enforce a rule that storage accounts must have secure transfer required enabled.
What is the purpose of using ‘Parameters’ in Azure Policy definitions?
Parameters help to simplify your policy management by reducing the number of policy definitions. It makes it easy to reuse the definition for different scenarios and contexts.
What is ‘Compliance’ in Azure Policy, and how is it useful?
Compliance in Azure Policy is an aggregation status of your resources with the assigned policies. It shows the compliance state of the resources, whether they are in line with the assigned policies or not. This allows users to assess the overall state of the environment and to track down non-compliant resources.
What is Azure Policy’s ‘Deny’ effect?
The ‘Deny’ effect in Azure Policy is used to block any actions during a resource operation that violate policy.
What is the ‘Audit’ effect in Azure Policy?
The ‘Audit’ effect allows the resource operation but flags it as non-compliant in the policy compliance results.
How can I create a custom policy definition in Azure?
You can create custom policy definitions by using the Azure portal, Azure PowerShell, Azure CLI, or REST API. You define the rules in a JSON file, specifying the condition under which it’s enforced, and the explicit or not explicitly defined effect.
What’s the ‘DeployIfNotExists’ effect for Azure Policy?
The ‘DeployIfNotExists’ effect is used to provide a template that deploys if it doesn’t exist. In other words, if a specific condition is not met, the policy engine will deploy the necessary resources.
What is a Management Group in Azure Policy?
In Azure Policy, a management group is a level of scope above subscriptions. It allows you to organize your subscriptions and apply your governance conditions to the management group, and all subscriptions within the management group inherit the conditions.
Can I use Azure Policy to remediate non-compliant resources?
Yes, Azure Policy provides remediation tasks to automatically remediate non-compliant resources. However, not all non-compliant resources can be automatically remediated.
Can Azure Policy discover resources in Azure that are not compliant with the policy?
Yes, Azure Policy continuously audits resources in Azure for non-compliance with assigned policies. Non-compliant resources are identified with a policy compliance state of ‘Non-compliant’.
Can Azure Policy apply to resources across multiple Azure subscriptions?
Yes, a policy can be assigned to a management group, which can contain multiple subscriptions. The assigned policy applies to all resource groups and resources in those subscriptions.
Can I use Azure Policy to limit the Azure regions that my organization can deploy resources to?
Yes, you can use Azure Policy to restrict the Azure regions that your organization can create resources in. You can do this by using a built-in policy definition that restricts the locations in which resources can be created.
extutorials.com