AZ-104 Microsoft Azure Administrator

Configure resource locks

Practice Test

True or False: A Resource Lock in Azure is used for locking resources to prevent accidental deletion or modification.

  • True
  • False

Answer: True

Explanation: Resource locks provide a way to protect resources from accidental deletion or modification by providing two lock levels: “CanNotDelete” and “ReadOnly”.

Which of the following types of locks are available in Azure?

  • a) ReadOnly
  • b) CanNotDelete
  • c) Both a & b
  • d) None of the above

Answer: c) Both a & b

Explanation: Azure provides two types of locks: “ReadOnly”, which only allows read operations, and “CanNotDelete”, which allows both read and write operations but prevents deletion.

The only way to remove a lock on a resource in Azure is to delete the resource.

Answer: False

Explanation: Locks can be removed from a resource without deleting the resource.

What stages can a resource be at to set the level of lock in Azure?

  • a) Subscription
  • b) Resource Group
  • c) Resource
  • d) All of the above

Answer: d) All of the above

Explanation: The lock level can be set at either of the three stages: Subscription, Resource Group, or the Resource itself.

Once a resource is locked, it cannot be unlocked.

Answer: False

Explanation: A resource lock can be removed by someone with appropriate access.

True or False: A Delete lock on a subnet prevents the deletion of the virtual network.

  • True
  • False

Answer: True

Explanation: A Delete lock on a subnet will prohibit deleting the parent resources, in this case, the virtual network.

Who can apply, modify, or remove locks?

Answer: An account with Owner or User Access Administrator role within Azure.

Explanation: Because locking is a powerful capability that can halt resource operations, only the Owner or User Access Administrator role has these permissions.

True or False: A lock on a parent resource does not apply to child resources.

  • True
  • False

Answer: False

Explanation: When you apply a lock at a parent scope, all resources within that scope inherit the same lock.

What is the primary purpose of resource locks in Azure?

Answer: To prevent accidental deletion or modification of a resource.

Explanation: The main purpose of resource locks is to protect Azure resources from accidental changes or deletions.

Can a CanNotDelete lock prevent virtual machines from being stopped?

Answer: No

Explanation: The CanNotDelete lock doesn’t prevent the operations of a resource, it only prevents the resource from being deleted.

True or False: Locks block not only users but also applications and services from making changes.

  • True
  • False

Answer: True

Explanation: Locks block any users, applications, or services from making deletions or changes to locked resources.

Do Azure Resource locks affect resource performance?

Answer: No

Explanation: Resource locks are used to protect resources and do not have any impact on the performance of the resources.

True or False: A ReadOnly lock allows users to read a resource but not delete it.

  • True
  • False

Answer: True

Explanation: A ReadOnly lock permits read operations but blocks all write and delete operations.

What type of lock should be used to prevent any changes to a resource?

Answer: ReadOnly

Explanation: A ReadOnly lock ensures the resource can only be read and not modified.

Can a CanNotDelete lock allow changes to be made to a resource but not its deletion?

Answer: Yes

Explanation: The CanNotDelete lock, as the name suggests, allows changes to be made to a resource but blocks its deletion.

Interview Questions

What is the purpose of Azure Resource Locks?

Azure Resource Locks helps prevent accidental deletion or modification of critical resources in Azure. It allows an administrator to apply a lock at different scopes (resource group, subscription) to protect the resources within it.

What are the different types of Azure Resource Locks?

There are two types of locks that Azure offers: Delete Locks and Read-Only Locks. The Delete Lock prevents the resource from being deleted, while the Read-Only lock prevents any changes from being made to the resource.

Can I apply a resource lock to a resource that is currently being deployed?

No, you cannot apply a resource lock to a resource that is currently being deployed. You must wait until the deployment is completed.

How can you create a resource lock through the Azure portal?

To create a resource lock through the Azure portal, navigate to the settings of the desired resource, click on ‘Locks’, then click ‘Add’. You can then specify the lock type and name.

Can a user with ‘Guest’ access apply or remove resource locks?

No, applying or removing resource locks requires at least ‘Contributor’ access, therefore a user with ‘Guest’ access cannot do this.

Can you override or bypass a resource lock?

No, once a resource lock is set, it cannot be bypassed or overridden. The only way to modify or delete the resource is by removing the lock.

How can you remove a resource lock?

A resource lock can be removed via the Azure portal by navigating to the ‘Locks’ section in the settings of the resource, and then selecting ‘Delete’. This can also be performed using Azure Powershell or Azure CLI.

What is the difference between ‘CanNotDelete’ and ‘ReadOnly’ locks in Azure?

‘CanNotDelete’ locks prevent the resource from being deleted, but still allow it to be modified. ‘ReadOnly’ locks on the other hand prevent both deletion and modifications to the resource.

What actions are required to manage Resource Locks in Azure?

The Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions are required to manage Resource Locks in Azure.

Can a locked resource be moved to a new resource group or subscription?

Yes, a locked resource can be moved to a new resource group or subscription, but you must have the necessary access to remove the lock and reassign it after the move.

Can I apply a lock to a subscription in Azure?

Yes, you can apply a lock to a subscription. This would apply the lock to all resources within the subscription.

If a resource group has a Read-Only lock, can a resource within the group have a Delete lock?

No, a resource cannot have less restrictive lock than that of its parent resource group or subscription. If the resource group has a Read-Only lock, the resource within it cannot have a Delete lock.

Is there a limit to the number of resource locks you can have in Azure?

No, there is no documented limit to the number of resource locks you can create in Azure.

How do resource locks affect availability of applications?

Resource locks do not affect the operational side of the resources, thus they do not have any effect on the availability of applications. They only restrict the ability to delete or modify the resources.

If a resource is locked with a ‘ReadOnly’ lock, can I still view and read its properties?

Yes, a ‘ReadOnly’ lock does not prevent viewing or reading a resource’s properties. It only prevents modifications to the resource.

Related Post

AZ-104 Microsoft Azure Administrator

Configure and use Azure Monitor for networks

extutorials.com
AZ-104 Microsoft Azure Administrator

Configure and review backup reports

extutorials.com
AZ-104 Microsoft Azure Administrator

Configure VM network settings

extutorials.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You Missed

AZ-900 Microsoft Azure Fundamentals

Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)

AZ-900 Microsoft Azure Fundamentals

Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute

AZ-900 Microsoft Azure Fundamentals

Describe the purpose of Azure Arc

AZ-900 Microsoft Azure Fundamentals

Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)