Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one
correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will
not appear in the review screen.
You use Azure Resource Manager (ARM) templates to deploy resources.
You need to ensure that storage resources defined in templates cannot be deleted.
Solution: You define the following JSON in the template.
Does the solution meet the goal?
A.
Yes
B.
No
Explanation:
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in
your organization from accidentally deleting or modifying critical resources. You can set the lock level to
CanNotDelete or ReadOnly.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying
this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
This sounds wrong. Ans should be No. Lock level set as readonly, it means it can be updated or deleted as given in the notes
0
1
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly.
CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
4
0
Applying ReadOnly can lead to unexpected results because some operations that seem like read operations actually require additional actions. For example, placing a ReadOnly lock on a storage account prevents all users from listing the keys.
0
0
wrong –
Should be can not delete.
QUestion states – cannot be deleted.
But in this case you even do not allow to modify.
In addition – type is incorrect in this case
1
0
Skajuks is right, the Resource Type link is incorrect, it needs to specify the type of resource being locked, Microsoft.Storage in this case. It could be any resource, Microsoft.Network or Microsoft.Web etc
1
0
Looks good to me according to this link.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
1
1