exam questions

Exam AZ-900 All Questions

View all questions & answers for the AZ-900 exam

Exam AZ-900 topic 1 question 152 discussion

Actual exam question from Microsoft's AZ-900
Question #: 152
Topic #: 1
[All AZ-900 Questions]

HOTSPOT -
To complete the sentence, select the appropriate option in the answer area.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
A resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier.
With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
panal
Highly Voted 3 years, 9 months ago
Correct Answer
upvoted 35 times
...
Acredser
Highly Voted 3 years, 10 months ago
Is it not possible to use an ARM template for the same purpose? Or is that not possible? Even though Azure Resource is the "better" option.
upvoted 16 times
BabieTee
3 years, 8 months ago
the point is simultaneously. With templates it is affected only when the other vms is been spinned. But with resource group , all permission is passed to all resources within the group at same time.
upvoted 35 times
...
clevermantmnd
3 years, 9 months ago
This is about permissions, not about VMs. So AZ Resource Group is the best answer. Moreoever, with AZ Resource, you can only delegate permission to that specific resource, not several VMs.
upvoted 13 times
bytoki
3 years, 6 months ago
ARM template is for provisioning resources based on the config. This question is asking you to edit permissions for VMs that are already deployed.
upvoted 10 times
alexandru_chirita
3 years ago
It doesn't specify exactly that the virtual machines are already deployed. But I guess it is easier to move VMs to the same resource group and delegate permissions to the resource group. I also consider the Azure Resource Manager delegating permissions because: "When you onboard a customer to Azure Lighthouse, you use an Azure Resource Manager template along with a parameters file to define authorizations that grant access to delegated resources in the customer tenant. Each authorization specifies a principalId that corresponds to an Azure AD user, group, or service principal in the managing tenant, and a roleDefinitionId that corresponds to the Azure built-in role that will be granted." https://docs.microsoft.com/en-us/azure/lighthouse/how-to/deploy-policy-remediation
upvoted 1 times
...
...
...
TitoChuz
2 years, 7 months ago
We cant set permitions on ARM templates according to my investigation. One Important thing, We can't apply permission on Subscription level using ARM template. We can only apply permission on resource group and its resources. https://stackoverflow.com/questions/48284885/can-i-apply-permissions-through-an-arm-template#:~:text=One%20Important%20thing%2C%20We%20can%27t%20apply%20permission%20on,permission%20on%20resource%20group%20and%20its%20resources.%20Share
upvoted 9 times
...
...
PN60
Most Recent 1 month, 1 week ago
Copilot: To delegate permissions to several Azure VMs simultaneously, deploying them in the same resource group is typically more straightforward. Resource groups allow you to manage permissions and policies at a group level, making it easier to apply roles and manage access. Using the same ARM template for deployment also ensures consistency, but for ongoing permission management, resource groups are more practical.
upvoted 1 times
...
dayanandthombare
1 year, 1 month ago
C. to the same resource group. This is the correct answer because you can manage access control and permissions more efficiently by deploying Azure virtual machines to the same resource group. Azure allows you to apply RBAC (Role-Based Access Control) to resource groups, which means you can grant the same permissions to multiple virtual machines in the same resource group simultaneously. It simplifies the process of delegating permissions across multiple VMs. A. Deploying VMs to the same Azure region does not have any direct impact on the ability to delegate permissions. Regions define the physical location of data centers, not access control. B. Using the same Azure Resource Manager template is a method for deploying VMs with similar configurations but doesn't directly relate to managing permissions or access control. D. Deploying VMs to the same availability zone is a strategy for improving high availability and fault tolerance but doesn't inherently affect the delegation of permissions.
upvoted 5 times
...
SAFM
1 year, 2 months ago
I think the correct answer is ARM templates. Here is a quote from the learning material: "With Azure Resource Manager, you can: [...] Apply access control to all services because RBAC is natively integrated into the management platform. [...]. " https://learn.microsoft.com/en-us/training/modules/describe-features-tools-manage-deploy-azure-resources/4-describe-azure-resource-manager-azure-arm-templates
upvoted 1 times
lerezende12
1 year, 2 months ago
Recursos/Objetos herdam as permissões e configurações do grupo de recursos. Imagina que há um grupo de recurso com 3 recursos lá dentro. A maneira mais rápida de configurar as mesmas permissões nos 3 simultaneamente, é atribuindo a permissão diretamente no grupo de recursos
upvoted 1 times
...
...
Sanj2023
1 year, 2 months ago
The answer is incorrect. The correct answer is ARM Template. "No, you cannot delegate permissions to several Azure virtual machines simultaneously by deploying Azure Virtual Machines to the same resource group. A resource group is a logical container for Azure resources, but it does not define the scope of role assignments. To delegate permissions to several Azure virtual machines simultaneously, you must use Azure Resource Manager Template, which is a JSON file that defines the resources and role assignments you need to deploy for your solution"
upvoted 1 times
...
VinnyMacD
1 year, 3 months ago
When you need to delegate permissions to several Azure virtual machines simultaneously, you must "deploy the Azure virtual machines" Deploy - Means to create and setup a virtual machine. So these machines don't exist yet. This means using "Same resource manager template" is the best option as the permission would be set while the machines are being created. A Resource Manager template (usually written in JSON format) allows you to define and deploy a set of Azure resources together. This template can include the configuration for virtual machines, along with associated permissions and access control rules.
upvoted 3 times
SAFM
1 year, 2 months ago
I think I agree more with this choice than the RG.
upvoted 1 times
...
...
msmt
1 year, 5 months ago
in the exam on 29jun2023
upvoted 3 times
...
orlandoryo
1 year, 9 months ago
I initially thought it was ARM, but the keyword here is "simultaneously", so Resource Group is the way to go.
upvoted 3 times
...
JoeGuan
1 year, 9 months ago
The azure resource template would allow you way more control. What if you need to deploy other 'things' in the resource group that do not require the same permissions? Plus, if the VMs need to be in different resource groups, but have the same permissions, then the template would allow you to apply permissions accordingly.
upvoted 1 times
...
russtest
1 year, 10 months ago
I thought you can only have one resource per resource group so how can you deploy several vm to a resource group badly worded question.
upvoted 2 times
sideque
1 year, 8 months ago
A resource group can contain multiple resources. "A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group." https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal
upvoted 1 times
...
...
buiducvu
1 year, 11 months ago
Azure resources
upvoted 1 times
...
TonyghostR05
2 years, 2 months ago
Resource Group for azure policy
upvoted 1 times
TonyghostR05
2 years, 2 months ago
key words: permission
upvoted 1 times
...
...
Pa1theAchiever
2 years, 5 months ago
correct
upvoted 1 times
...
silviogremio
2 years, 5 months ago
Azure Resource Manager templates (ARM templates). The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources. https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
upvoted 2 times
gtvish
2 years, 5 months ago
Hello.. are you able to access all the questions ? I am unable to access all questions, can you help me by sharing your credentials ?
upvoted 1 times
...
...
cuentaalternajsr
2 years, 6 months ago
Es correcto!
upvoted 1 times
...
examsycia
2 years, 8 months ago
Correct Answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...