AZ-900 Microsoft Azure Fundamentals

Describe the purpose of Azure Policy

Practice Test

True or False: Azure Policy enhances compliance as it enables you to enforce resource consistency.

  • True
  • False

Answer: True

Explanation: Azure Policy is a service in Azure that helps to enforce organizational policies, assess compliance at scale and also fits the need of enhancing resource consistency.

Which of the following is a purpose of Azure Policy?

  • A. Cloud cost management
  • B. Enforcing organizational standards
  • C. Website hosting
  • D. Email marketing

Answer: B. Enforcing organizational standards

Explanation: Azure Policy helps meet the resource consistency, resource compliance, and regulatory requirements of your organization.

True or False: Azure Policy cannot prevent resources from being created in specific regions.

  • True
  • False

Answer: False

Explanation: Azure Policy can prevent resources from being deployed to certain locations thus giving you control over locations for your deployments.

How does Azure Policy help in managing and preventing IT security risks?

  • A. By mitigating risks through controlling computer hardware
  • B. By enabling you to enforce policies and assess compliance at scale
  • C. By managing firewall settings
  • D. By managing the number of users

Answer: B. By enabling you to enforce policies and assess compliance at scale

Explanation: Azure Policy helps to enforce policies and assess compliance at scale. Thus it helps you to prevent IT security risks that could cause potential harm to your organization.

True or False: Azure Policy can audit the settings for resources and take action upon non-compliance.

  • True
  • False

Answer: True

Explanation: Azure Policy can audit settings of existing resources and take action when a resource falls out of compliance, enabling continuous policy enforcement and compliance assessment.

Which of the following is NOT an example of Azure Policy initiative?

  • A. Allow SQL Server Transparent Data Encryption
  • B. Audit VMs that do not use managed disks
  • C. Constraints on Azure Virtual Network features
  • D. Analyzing website traffic data

Answer: D. Analyzing website traffic data

Explanation: Azure Policy initiatives are built-in policy definitions like Allow SQL Server Transparent Data Encryption, Audit VMs that do not use managed disks, Constraints on Azure Virtual Network features etc. Analyzing website traffic data is not an example of an Azure Policy initiative.

True or False: Azure Policy provides a unified view of the overall policy compliance of your organization.

  • True
  • False

Answer: True

Explanation: Azure Policy provides a unified view of policy compliance. Your team can manage the status of your resources and their compliance against the policies you created and assigned in your environment.

Azure Policy cannot be applied to which of the following Azure resources?

  • A. Storage Accounts
  • B. Virtual Machines
  • C. Virtual Networks
  • D. None of the above

Answer: D. None of the above

Explanation: Azure Policy can be applied to any Azure resource including Storage Accounts, Virtual Machines, and Virtual Networks.

True or False: Azure Policy only responds to non-compliant resources by flagging them.

  • True
  • False

Answer: False

Explanation: Azure Policy can moreover respond by automatically remedying the non-compliant resources back to a compliant state.

Azure Policy can monitor compliance in which cadence?

  • A. Real-time
  • B. Hourly
  • C. Daily
  • D. Monthly

Answer: A. Real-time

Explanation: Azure Policy is always monitoring compliance in real-time against your specific rules. This allows for immediate response and correction.

True or False: Azure Policy service is only available in selected regions.

  • True
  • False

Answer: False

Explanation: Azure Policy service is a global service and available in all the Azure regions.

What is the main purpose of Azure Policy evaluation?

  • A. To identify future development needs
  • B. To determine resource compliance with assigned policies
  • C. To evaluate performance of Azure services
  • D. To provide customer feedback

Answer: B. To determine resource compliance with assigned policies

Explanation: The main purpose of Azure Policy evaluation is to assess the compliance of resources with the policies assigned.

True or False: Azure Policy can also help with cost governance by preventing overspending in Azure.

  • True
  • False

Answer: True

Explanation: Azure Policy can prevent the creation of more costly resources and mitigate the risk of overspending.

Azure Policy is primarily designed for:

  • A. Marketing analysis
  • B. Data analytics
  • C. Governance, compliance, and management
  • D. Project management

Answer: C. Governance, compliance, and management

Explanation: Azure Policy is designed to be used for resource management, enforcing various rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.

True or False: Azure Policy is a full audit solution, providing complete historical log capabilities.

  • True
  • False

Answer: False

Explanation: Azure Policy helps to identify existing non-compliant resources, however, it does not provide complete historical log capabilities, which are typically associated with a full audit solution.

Interview Questions

What is the primary purpose of Azure Policy?

Azure Policy is a service in Azure that helps to manage and prevent IT issues by implementing and enforcing rules across the resources within a given subscription or management group.

How does Azure Policy maintain control over your environment?

Azure Policy does this by evaluating resources for non-compliance with assigned policies. It helps to enforce organizational standards and to assess compliance.

Can Azure Policy evaluate the resources while creating them?

Yes, Azure Policy evaluates resources both during their creation and for existing resources on an ongoing basis.

What is the difference between Azure Policy and Azure Role-Based Access Control (RBAC)?

Azure Policy is centered around resource properties during deployment and later for already existing resources, while Azure RBAC focuses on providing fine-grained access management to Azure resources.

Can Azure Policy change resources into compliance?

Yes. You can use Azure Policy to automatically remediate and bring non-compliant resources back into compliance.

What is a policy definition within Azure Policy?

A policy definition is a statement that expresses what to evaluate and what action to take. It includes conditions under which it is enforced and the effect that takes place when the conditions are met.

What does Azure Policy initiative definition consist of?

Azure Policy initiative definition is a set or group of policy definitions that help track your compliance state for a larger goal.

How is the compliance state evaluated in Azure Policy?

The compliance state is evaluated by the policy assignment which is the association of a policy definition or initiative definition to a specific scope.

What role does the policy parameters play in Azure Policy?

Policy parameters help to simplify policy management by reducing the number of policy definitions required. They help in making policy definition generic and used with different values for different assignments.

Can Azure Policy be used for tracking cost or resource usage?

Yes, Azure Policy not only ensures compliance, but also helps in cost management and tallying resource usage.

What happens if a resource is non-compliant with a policy?

When a resource is found to be non-compliant during a policy assignment, Azure Policy can trigger a logical response that ranges from denying the creation of the resource to simply sending an alert or notification.

Can Azure Policy automatically fix non-compliant resources?

Yes, with remediation tasks, Azure Policy can automatically bring non-compliant resources back to compliance with the rules defined in a policy.

What does the ‘audit’ effect do in Azure Policy?

The ‘audit’ effect doesn’t stop resource creation or update. It just logs a warning event to the activity log when a request doesn’t match the policy.

Can Azure Policy be applied at multiple levels?

Yes, Azure Policy can be assigned at the management group, subscription, or resource group level.

Can we use Azure Policy along with Azure Blueprints?

Yes, Azure Policy can be used in conjunction with Azure Blueprints to create an environment with a specific governance structure and compliance requirements.

Related Post

AZ-900 Microsoft Azure Fundamentals

Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)

extutorials.com
AZ-900 Microsoft Azure Fundamentals

Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute

extutorials.com
AZ-900 Microsoft Azure Fundamentals

Describe the purpose of Azure Arc

extutorials.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You Missed

AZ-900 Microsoft Azure Fundamentals

Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)

AZ-900 Microsoft Azure Fundamentals

Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute

AZ-900 Microsoft Azure Fundamentals

Describe the purpose of Azure Arc

AZ-900 Microsoft Azure Fundamentals

Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)