0
0
Azurecloud~20 mins

Azure Policy for governance - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Azure Policy Governance Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
What is the primary purpose of Azure Policy?

Azure Policy helps organizations manage and enforce rules across their cloud resources. What is its main goal?

ATo automate deployment of virtual machines only
BTo monitor network traffic between resources
CTo enforce organizational standards and assess compliance at scale
DTo manage user access permissions
Attempts:
2 left
💡 Hint

Think about how companies keep their cloud resources following rules and standards.

Configuration
intermediate
2:00remaining
Which JSON snippet correctly denies creation of public IP addresses in Azure Policy?

Identify the Azure Policy rule that blocks creation of public IP addresses.

A{ "if": { "field": "type", "equals": "Microsoft.Network/publicIPAddresses" }, "then": { "effect": "deny" } }
B{ "if": { "field": "Microsoft.Network/publicIPAddresses", "exists": true }, "then": { "effect": "audit" } }
C{ "if": { "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, "then": { "effect": "deny" } }
D{ "if": { "field": "type", "notEquals": "Microsoft.Network/publicIPAddresses" }, "then": { "effect": "deny" } }
Attempts:
2 left
💡 Hint

Look for the condition that matches the resource type for public IP addresses and denies it.

Architecture
advanced
2:30remaining
How should you structure Azure Policy assignments for multiple subscriptions in an organization?

You manage several subscriptions under one Azure tenant. What is the best way to apply policies consistently across all subscriptions?

AAssign policies individually to each subscription
BAssign policies at the management group level containing all subscriptions
CAssign policies only at the resource group level
DAssign policies only to individual resources
Attempts:
2 left
💡 Hint

Think about applying rules once to cover many subscriptions efficiently.

security
advanced
2:00remaining
Which Azure Policy effect should you use to monitor non-compliant resources without blocking their creation?

You want to track resources that do not meet policy rules but allow their creation. Which effect fits this need?

AdeployIfNotExists
Bdeny
Cappend
Daudit
Attempts:
2 left
💡 Hint

Consider an effect that reports but does not prevent.

service_behavior
expert
3:00remaining
What happens when an Azure Policy with 'deployIfNotExists' effect is assigned and a non-compliant resource is created?

Explain the behavior triggered by the 'deployIfNotExists' effect in Azure Policy when a resource does not meet the policy condition.

AAzure Policy automatically deploys a related resource to bring compliance
BThe policy assignment is ignored for that resource
CThe resource is created but marked as non-compliant without any changes
DThe resource creation is blocked and an error is shown
Attempts:
2 left
💡 Hint

Think about automatic fixes triggered by policy.