Practice Test
True or False: Azure Policy assesses the resources in your environment to ensure they’re compliant with the rules you set.
- True
- False
Answer: True
Explanation: Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, helping ensure your resources stay compliant with your corporate standards and service level agreements.
What Azure service is used to configure security settings and auditing?
- A. Azure Monitor
- B. Azure Security Center
- C. Azure Advisor
- D. Azure Policy
Answer: D. Azure Policy
Explanation: Azure Policy is the service that you use to create, assign and manage policies which enforce different rules over your resources, helping ensure compliance with corporate standards and SLAs.
Azure Policy can allow non-compliant resources to change their configuration.
- A. True
- B. False
Answer: B. False
Explanation: Azure Policy flags non-compliant resources but does not modify those resources. Take corrective actions manually or use an appropriate tool for automatic remediation.
Azure Policy checks compliance at the following levels, except:
- A. Resource Group
- B. Subscription
- C. Management group
- D. None of the above
Answer: D. None of the above
Explanation: Azure Policy checks compliance at all the mentioned levels: Resource Group, Subscription, and Management Group.
Azure Policy helps in ________ corporate standards over your resources.
- A. Improvising
- B. Enforcing
- C. Eliminating
- D. Modifying
Answer: B. Enforcing
Explanation: Azure Policy helps in enforcing corporate standards and SLAs across the infrastructure, thus helping to ensure compliance with external regulations.
True or False: Azure Policy can be applied on already existing resources.
- True
- False
Answer: True
Explanation: Azure Policy works at the control plane layer, not only during the deployment phase but also for already existing resources.
Azure Policy supports which of the following effect types?
- A. Append
- B. Deny
- C. Audit
- D. All of the above
Answer: D. All of the above
Explanation: Azure Policy supports multiple effect types such as Append, Deny, Audit, and several others to enforce rules on resource properties during deployment and for already existing resources.
Azure Policy can be assigned only at the subscription level.
- A. True
- B. False
Answer: B. False
Explanation: Azure Policy can be assigned at different scopes such as management group, resource group or individual resources.
True or False: Initiatives in Azure Policy are a collection of multiple policy definitions.
- True
- False
Answer: True
Explanation: Initiatives are a set or group of policy definitions to help track your compliance state for a larger goal.
Which of the following is not a built-in policy definition provided by Azure Policy?
- A. Allowed locations
- B. Allowed resource types
- C. Maximum number of resources
- D. Audit VMs that do not use managed disks
Answer: C. Maximum number of resources
Explanation: “Maximum number of resources” is not a built-in policy definition provided by Azure Policy. The built-in policy definitions include Allowed locations, Allowed resource types, and Audit VMs that do not use managed disks.
In Azure Policy, you can build custom definitions using which language?
- A. Python
- B. JavaScript
- C. PowerShell
- D. None of the above
Answer: D. None of the above
Explanation: Custom definitions in Azure Policy are created using JSON (JavaScript Object Notation).
True or False: Azure Policy can evaluate resource properties during deployment.
- True
- False
Answer: True
Explanation: In addition to monitoring resource state after deployment, Azure Policy can evaluate resource properties during deployment and reject those deployments if they don’t meet the conditions in the policy.
Azure Policy can integrate with which of the following Azure services for remediation tasks?
- A. Azure Logic Apps
- B. Azure Automation Runbooks
- C. Azure DevOps
- D. All of the above
Answer: D. All of the above
Explanation: Azure Policy can integrate with Azure Logic Apps, Azure Automation Runbooks, and Azure DevOps to take corrective actions on non-compliant resources.
True or False: Azure Policy API version 2019-06-01 doesn’t support tagging.
- True
- False
Answer: False
Explanation: Azure Policy API version 2019-06-01 does support resource tagging.
What option should you use in Azure Policy if you want to record a violation but not stop a resource from being created?
- A. Deny
- B. Audit
- C. Append
- D. DeployIfNotExist
Answer: B. Audit
Explanation: The Audit effect in Azure Policy allows you to record the violation when a resource is not compliant without blocking its creation or update.
Interview Questions
What is Azure Policy?
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
How does Azure Policy work?
Azure Policy works by applying a set of defined rules or actions to specific resources or resource groups within Azure. When the conditions specified in the policy are matched, Azure Policy will perform the designated action.
Can Azure Policy be used for auditing?
Yes, Azure Policy has an ‘audit’ effect that enables you to track whether existing resources comply with a policy. This doesn’t make any changes, but it flags non-compliant resources for future review.
What are policy assignments in Azure Policy?
Policy assignments are the association of a policy definition with a specific scope for enforcement. The scope can be a management group, a subscription, or a resource group.
What is the difference between ‘deny’ and ‘audit’ effects in Azure Policy?
The ‘deny’ effect in Azure Policy will block a request if it doesn’t comply with the policy definition. However, the ‘audit’ effect will allow the request but will flag it as non-compliant in the compliance section of Azure Policy.
What is the purpose of ‘initiative’ in Azure Policy?
An initiative in Azure Policy is a collection of policy definitions that are designed to achieve a singular overarching goal. This is helpful in more complex scenarios where one single policy is not enough to enforce or audit a desired state.
Can Azure Policy assess the compliance state of your resources?
Yes, Azure Policy includes a compliance feature that provides an aggregated view to evaluate the overall state of the environment, with drill-down options to view noncompliance details of resources.
Can I create custom policies in Azure Policy?
Yes, you can define custom policy definitions based on your organization’s requirements. Once defined, these definitions can be assigned to the required scope.
What are the key components of Azure Policy definition?
The key components of the Azure Policy definition are ‘Parameters’, ‘Policy Rule’, ‘Display Name’, ‘Description’, and ‘Metadata’.
What is ‘deployIfNotExists’ effect in Azure Policy?
The ‘deployIfNotExists’ effect in Azure Policy is a powerful feature that allows you to deploy additional resources if the target resource is found not to exist.
How can I view the compliance state of an individual resource?
You can view the compliance state of an individual resource in the Azure portal by navigating to the ‘Policy’ section and then to the ‘Compliance’ tab.
Are there any default policy assignments?
Yes, Azure Policy provides several built-in policy assignments that you can readily use. These built-in policies are mainly derived from common use-cases and practices.
What is the purpose of Remediation in Azure Policy?
Remediation in Azure Policy is an automated process that modifies the resources which are flagged non-compliant, helping them to become compliant with the defined policy.
How can we classify resources in Azure?
Azure Policy has a feature called ‘tagging’ that can be used to classify resources by adding metadata to them.
Can Azure Policy apply multiple effects at once?
Yes, multiple effects can be included in a single Azure Policy. The order of the effects in policy rule matters and the first matching effect takes precedence.
extutorials.com