You have an Azure subscription that contains a resource group named TestRG. You use TestRG to validate an Azure deployment. TestRG contains the following resources: You need to delete TestRG. What should you do first?
A.
Modify the backup configurations of VM1 and modify the resource lock type of VNET1
B.
Remove the resource lock from VNET1 and delete all data in Vault1
C.
Turn off VM1 and remove the resource lock from VNET1
Correct Answer: B
When you delete a resource group, all of its resources are also deleted. Deleting a resource group deletes all of its template deployments and currently stored operations.
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.
You can't delete a vault that contains backup data. Once backup data is deleted, it will go into the soft deleted state.
So you have to remove the lock on order to delete the VNET and delete the backups in order to delete the vault.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/delete-resource-group?tabs=azure-powershell
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault#before-you-start
No, this is wrong. one of the reasons why resource groups were designed is to facilitate the deletion of resources in Dev environments. You delete the RG and all its components are gone.
C is the answer.
Answer should be B. A recovery service vault can not deleted unless all its backups are deleted permanently. And along with that definitely resource lock has to be removed on vnet
Tried in the lab, a lot of steps to remove the vault.
https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
https://docs.microsoft.com/en-us/azure/backup/backup-azure-security-feature-cloud#permanently-deleting-soft-deleted-backup-items
Disagree. The more I think about this, the less "delete all data" makes sense as step one. Step one is to modify the VM's backup configuration, but A doesn't make sense either.
I actually think they're correct. Easiest first step is to shut stuff off (not strictly needed) and remove the resource lock. Then disable soft-delete if on, remove the backup configuration for VM1 and any backups, then you can turn down the RG.
https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault?tabs=portal
vault manuall deleted because it stays there 14 days.. B , is corect unswer, if it was sql you need to shutdown sql instances for backup
Resource Locks: You must remove any resource locks from VNET1 to allow the deletion of the resource group1.
Vault Data: Deleting all data in Vault1 ensures that there are no dependencies preventing the deletion of the resource group
The resource lock of type Delete on VNET1 will prevent the deletion of the virtual network and, consequently, the resource group, so you must first remove the resource lock on VNET1. Later, Vault1 contains backups of VM1. Before you can delete the recovery vault, you need to delete all data (backups) inside it.
Azure Recovery Services Vaults require the deletion of backup data before the vault itself can be deleted.
B. Remove the resource lock from VNET1 and delete all data in Vault1.
Before you can delete TestRG, you must remove any dependencies that are associated with the resources in TestRG. In this scenario, VNET1 has a resource lock of type delete, which means it cannot be deleted until the resource lock is removed. Additionally, Vault1 contains backups of VM1, so you must delete all the data in Vault1 before deleting TestRG.
To do this, you can follow these steps:
1. Navigate to the VNET1 resource in the Azure portal.
2. Under Settings, select Locks.
3. Select the delete lock for VNET1 and then click Delete.
4. Navigate to the Vault1 resource in the Azure portal.
5. Delete all the backup data associated with VM1.
6. After all backup data has been deleted, delete Vault1.
7. Once VNET1 and Vault1 are deleted, you can delete TestRG.
By removing the resource lock from VNET1 and deleting all data in Vault1, you ensure that all dependencies associated with TestRG have been removed before deleting the resource group.
C and D is wrong, you don't need to turn off VM.
Both A and B are not correct but B is more correct than A, let me explain:
One of the first thing to do is to remove the resource lock, which is done only from B. A doesn't Remove the resource lock but edit it. You can edit a resource lock and switch between delete and read-only ( read-only is you can't delete, and you can't modify, delete has only delete lock, you can modify the resource). So This is where A is wrong.
To delete a backup, you can't go in the vault and delete it, before do that, you need to go to stop backup, then you can delete all backup, so that's why B is incorrect, is missing 1 step. This step is not mentioned in A too, it says modify backup configuration. Backup configuration mean how many time i took the backup, retain, snapshot etc, but it doesn't stop the backup, you need to do that from backup item.
B is the correct answer,
1. Remove VM Backup from Recovery Services Vault
Stop Backup: First, stop the backup for the VM in the Recovery Services vault.
Navigate to the Recovery Services vault.
Go to "Backup items".
Select the VM.
Click "Stop backup".
Choose the option to "Retain data" or "Delete backup data". If you choose to retain data, you must delete it later from the backup data.
Delete Backup Data (if chosen earlier):
In the Recovery Services vault, go to "Backup items".
Select the VM.
Click "Delete backup data".
2. Remove the Delete Lock on vNet
Navigate to the vNet that has the delete lock.
Go to "Locks" under the "Settings" section.
Select the delete lock and remove it.
3. Delete the Resource Group
Navigate to the Resource Group containing the VM, Recovery Services vault, and vNet.
Click "Delete Resource Group".
Confirm the deletion by typing the resource group name when prompted.
B. Remove the resource lock from VNET1 and delete all data in Vault1 is the most direct and comprehensive approach to prepare the resource group for deletion, assuming you manage data deletion carefully to prevent unwanted loss. Removing resource locks is necessary to allow deletion, and clearing Vault1 ensures there are no leftover dependencies that could halt the process. Thus, removing the resource lock is the critical first step, which is covered in this option.
C or D.
Before deleting resource group, you must first solve this problem:
- you can't delete a virtual network with subnets that are still in use by a virtual machine.
- you can't delete recovery service vault with backupped data inside
C. Turn off VM1 and remove the resource lock from VNET1
Before deleting the resource group TestRG, it's essential to ensure that all resources within it are in a state that allows for their deletion. Turning off VM1 and removing any resource locks from VNET1 would prepare the resources for deletion without causing any data loss or leaving resources in a locked state.
I would say the correct ans is C, but you could also think the B is OK. The question is.
Once we execute the delete resource group action it will automatically turn off the VM1?
If yes, then the ans should be B.
Please advise
3 steps which has to be done before we can delete the resource group
-> Stop the back up of VM
-> Delete all locks on resources of rg
-> Empty the vault
based on this, B seems to be the best option.
Correct Answer: C
Question is what should you DO FIRST:
-First you turn off the VM and remove the resource lock
-Once VM is off you can modify the back config
-Once backup config is remove you can remove backups from vault
-Once vault is empty you can remove the TestRG.
Key point being that of the choices, C which includes turning off the VM HAS to be done first before anything else can be done.
Ignore what I said about backup config xD
The VM has to be off so that it is not using the subnet associated with the vnet: "you can't delete a virtual network with subnets that are still in use by a virtual machine"
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/delete-resource-group?tabs=azure-powershell#required-access-and-deletion-failures
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mlantonis
Highly Voted 3 years, 9 months agoGyanshukla
3 years, 6 months agomonus
3 years, 5 months agoAubinBakana
3 years, 6 months agoAubinBakana
3 years, 6 months agozr79
3 years agomabdullah
2 years, 2 months agoDips88
Highly Voted 3 years, 10 months agopoplovic
3 years, 8 months agorawrkadia
3 years, 7 months agommNYC
3 years, 1 month agommtechsolutionsinc
3 years agoBravo_Dravel
Most Recent 1 month, 1 week ago58b2872
2 months agoMazinger
5 months, 2 weeks ago[Removed]
6 months agoCheMetto
7 months, 1 week agoCharumathi
8 months, 3 weeks ago3c5adce
9 months, 4 weeks ago3c5adce
9 months, 4 weeks ago_gio_
11 months, 2 weeks agoCg007
11 months, 4 weeks agojecampos2
1 year agoAmir1909
1 year agoHdiaOwner
1 year agoMYR55
1 year, 2 months agoMentalTree
1 year, 2 months agoMentalTree
1 year, 2 months ago