ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-400 All Questions

View all questions & answers for the AZ-400 exam
Go to Exam

Exam AZ-400 topic 4 question 22 discussion

Actual exam question from Microsoft's AZ-400
Question #: 22
Topic #: 4
[All AZ-400 Questions]

You have the following Azure policy.

You assign the policy to the Tenant root group.
What is the effect of the policy?

  • A. prevents all HTTP traffic to existing Azure Storage accounts
  • B. ensures that all traffic to new Azure Storage accounts is encrypted
  • C. prevents HTTPS traffic to new Azure Storage accounts when the accounts are accessed over the Internet
  • D. ensures that all data for new Azure Storage accounts is encrypted at rest
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by umer123 at April 1, 2021, 4:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rafapaz09
Highly Voted 3 years, 12 months ago
Correct answer is good, the policy is not going to apply to the existing resources, unless you run a remediation task to force the policy to all the existing resources
upvoted 25 times
...
Kinon4
Highly Voted 3 years, 11 months ago
If storage accounts don't support HTTPS only, then deny. Therefore answer is A, only accepts encrypted traffic.
upvoted 14 times
Kinon4
3 years, 11 months ago
Answer is B**
upvoted 12 times
...
CyberLumi
3 years, 11 months ago
The policy denies the creation of any new storage account that does not allow the https protocol. It is a DENY policy not a policy to allow https traffic. Answer is B
upvoted 15 times
...
...
nikolayivanov
Most Recent 3 months, 1 week ago
Selected Answer: B
The correct answer is: B. ensures that all traffic to new Azure Storage accounts is encrypted Why other options are incorrect: A. prevents all HTTP traffic to existing Azure Storage accounts: Incorrect. The policy applies only to new or modified storage accounts because Azure Policies enforce compliance at the resource creation or modification stage, not retroactively. C. prevents HTTPS traffic to new Azure Storage accounts when the accounts are accessed over the Internet: Incorrect. The policy enforces HTTPS traffic, not prevents it. D. ensures that all data for new Azure Storage accounts is encrypted at rest: Incorrect. The policy only concerns HTTPS traffic, not encryption at rest. Azure Storage accounts encrypt data at rest by default.
upvoted 1 times
...
hajurbau
9 months, 3 weeks ago
Answer A is also correct if the remediation is ran. But selecting B for now
upvoted 1 times
...
ozbonny
1 year, 2 months ago
Selected Answer: B
B. ensures that all traffic to new Azure Storage accounts is encrypted
upvoted 3 times
...
GokhanSenyuz
2 years, 5 months ago
Selected Answer: B
answer B That's the cheese!
upvoted 1 times
...
Atos
2 years, 7 months ago
The code just seems unnecessary and answers just as bad. From what i understand it has 2 negative clauses that would effectively mean the https rule is enforced, so the storage traffic is securely encrypted. Ans: B.
upvoted 3 times
...
syu31svc
2 years, 8 months ago
Selected Answer: B
Not equals true then deny is the key here You do not allow traffic if it is not HTTPS Answer is B
upvoted 1 times
...
Govcomm
2 years, 9 months ago
All traffic to the Azure Storage Account is encrypted through HTTPS
upvoted 1 times
...
Eltooth
2 years, 11 months ago
Selected Answer: B
B is correct answer.
upvoted 1 times
...
UnknowMan
2 years, 11 months ago
Correct and you can run "remediation task for existing resources.
upvoted 1 times
...
Cheehp
3 years ago
Selected during exam. B. ensures that all traffic to new Azure Storage accounts is encrypted
upvoted 1 times
...
rdemontis
3 years, 1 month ago
Selected Answer: B
This is the reason why the correct answer is B: "During evaluation of existing resources, resources that match a deny policy definition are marked as non-compliant" https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects#deny
upvoted 2 times
...
sujitwarrier11
3 years, 2 months ago
Selected Answer: B
Correct answer B. Azure policy wont affect existing resources I think, only the newly created once after policy is enforced are affected.
upvoted 1 times
...
binq
3 years, 2 months ago
Selected Answer: B
Correct. Policy denies all future storage accounts that don't support HTTPS. Policies don't affect existing resources, hence A is incorrect.
upvoted 3 times
...
PlumpyTumbler
3 years, 2 months ago
Selected Answer: B
Word up. It's B, I'm not going to put the same link everyone else provided. This is a well documented answer.
upvoted 1 times
...
Shreyans
3 years, 2 months ago
Selected Answer: B
Correct Answer is B
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago