ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 8 question 5 discussion

Actual exam question from Microsoft's AZ-305
Question #: 5
Topic #: 8
[All AZ-305 Questions]

DRAG DROP -
You need to configure an Azure policy to ensure that the Azure SQL databases have Transparent Data Encryption (TDE) enabled. The solution must meet the security and compliance requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Step 1: Create an Azure policy definition that uses the deployIfNotExists
The first step is to define the roles that deployIfNotExists and modify needs in the policy definition to successfully deploy the content of your included template.
Step 2: Create an Azure policy assignment
When creating an assignment using the portal, Azure Policy both generates the managed identity and grants it the roles defined in roleDefinitionIds.
Step 3: Invoke a remediation task.
Resources that are non-compliant to a deployIfNotExists or modify policy can be put into a compliant state through Remediation. Remediation is accomplished by instructing Azure Policy to run the deployIfNotExists effect or the modify operations of the assigned policy on your existing resources and subscriptions, whether that assignment is to a management group, a subscription, a resource group, or an individual resource.
During evaluation, the policy assignment with deployIfNotExists or modify effects determines if there are non-compliant resources or subscriptions. When non- compliant resources or subscriptions are found, the details are provided on the Remediation page.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources
by JDKJDKJDK at Sept. 22, 2022, 5:25 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
VBK8579
Highly Voted 2 years ago
The three actions you should perform in sequence are: Create an Azure policy definition that uses the deployIfNotExists effect and specifies TDE as a required setting. Create an Azure policy assignment and assign the policy definition to the desired scope (e.g. subscription or resource group). Invoke a remediation task to automatically enforce the policy and enable TDE on existing databases that do not have it enabled.
upvoted 34 times
...
ronsav80
Highly Voted 2 years, 5 months ago
Per https://learn.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources?tabs=azure-portal, the steps are a) deployIfNoExists, b) create user or system managed identity, c) create remediation task. So shouldn't the 2nd step be "Create user managed identity"?
upvoted 7 times
Snownoodles
2 years, 5 months ago
managed identity is assigned automatically if you create policy by Portal
upvoted 6 times
...
...
[Removed]
Most Recent 3 months, 2 weeks ago
CORRECT
upvoted 1 times
...
globy118
2 years ago
Exam Question 02/15/2023
upvoted 6 times
...
RandomNickname
2 years, 1 month ago
Answer looks good to me as per article: https://learn.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources?tabs=azure-portal
upvoted 6 times
...
OPT_001122
2 years, 1 month ago
is given ans correct?
upvoted 1 times
AHUI
1 year, 9 months ago
yes, ans is correct
upvoted 2 times
...
...
JDKJDKJDK
2 years, 5 months ago
True deployIfNotExists https://learn.microsoft.com/en-us/azure/azure-sql/database/policy-reference?view=azuresql
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago