Course 3 – Microsoft Azure Services and Lifecycles

Module 2: Build a Cloud Governance Strategy on Microsoft Azure

MICROSOFT AZURE FUNDAMENTALS AZ-900 EXAM PREP SPECIALIZATION

Complete Coursera Study Guide


INTRODUCTION – Build a Cloud Governance Strategy on Microsoft Azure

In this module, you’ll explore how various tools and services can help you build a comprehensive cloud governance strategy. You’ll learn about access policies, resource locks, and tags, which play crucial roles in managing and organizing resources effectively. Additionally, you’ll delve into Microsoft Azure services such as Azure Policy and Azure Blueprints.

These services enable you to enforce compliance, streamline resource management, and ensure that your cloud environment adheres to organizational standards. By integrating these elements, you’ll gain the knowledge needed to implement a robust governance framework that supports your business objectives and enhances operational efficiency.

Learning Objectives

  • Enable governance at scale across multiple Azure subscriptions by using Azure Blueprints.
  • Control and audit how your resources are created by using Azure Policy.
  • Apply tags to your Azure resources to help describe their purpose.
  • Apply a resource lock to prevent accidental deletion of your Azure resources.
  • Define who can access cloud resources by using Azure role-based access control.
  • Make organizational decisions about your cloud environment by using the Cloud Adoption Framework for Azure.

KNOWLEDGE CHECK

1. Your company has migrated to Azure cloud services, and management wishes to charge back some of the resource costs to various departments on a monthly basis. Which, in your opinion, is the best solution to meet these requirements with the least amount of administrative effort?

  • Manually track using a Microsoft Excel spreadsheet
  • Create Subscriptions for each department
  • Tags (CORRECT)

Correct: Tags provide extra information, or metadata, about your resources. You might create a tag that’s named Sales whose value is the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.

2. Your Azure deployment consists of multiple subscriptions and resource groups. You need to restrict the actions that some of your users can carry out. You are required to allow some users to manage VMs without having permission to make configuration changes to networking, etc. Which of the following solutions allows you to do this?

  • Use Azure AD Role Based Access Control (Azure RBAC) to create role assignments. (CORRECT)
  • Create multiple Resource Groups.
  • Create policies in Azure Policy that will audit resource usage.

Correct: Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.

3. Resource Locks in Azure cloud services prevent accidental changes or deletions. Which of the following are valid options when configuring Resource Locks?

Select 2 options.

  • CanNotModify
  • ReadOnly (CORRECT)
  • CanNotDelete (CORRECT)

Correct: ReadOnly means authorized people can read a resource, but they can’t delete or change the resource. Applying this lock is like restricting all authorized users to the permissions granted by the Reader role in Azure RBAC.

Correct: CanNotDelete means authorized people can still read and modify a resource, but they can’t delete the resource without first removing the lock.

4. Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources. These policies enforce different rules and effects over your resource configurations so that those configurations stay compliant with corporate standards.

Select Yes if you agree with the following statement otherwise select No:

Azure Policy initiatives are a way of grouping related policies into one set.

  • Yes (CORRECT)
  • No

Correct: An Azure Policy initiative is a way of grouping related policies into one set. The initiative definition contains all the policy definitions to help track your compliance state for a larger goal.

5. An Azure Blueprint is composed of artifacts. Which of the following resources are currently supported as artifacts by Azure Blueprints?

Select 3 options.

  • ARM Templates (CORRECT)
  • Management Groups
  • Policy Assignment (CORRECT)
  • Role Assignment (CORRECT)

Correct: Azure Blueprints currently supports Resource Groups, ARM templates, Policy Assignments and Role Assignments as artifacts.


TEST PREP

1. Tags provide extra information, or metadata, about your resources. What is the easiest way to apply tags to resources that reside within a Resource Group?

  • Create an Azure Policy (CORRECT)
  • Apply a Tag directly to the Resource Group and all resources within that Group will automatically receive this Tag

Correct: You can apply tags to a resource group, but those tags are not automatically applied to the resources within that resource group. However, you can use Azure Policy to ensure that a resource inherits the same tags as its parent resource group.

2. Azure virtual machines come in different SKU sizes and costs. Your company wants to limit the choices available to users when creating new virtual machines to ensure that they only deploy cost-effective virtual machine sizes. What do you think is the best way of doing this?

  • Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.
  • Periodically inspect the deployment manually to see which SKU sizes are used.
  • Create a new Azure Policy that only displays the preferred SKU sizes. (CORRECT)

Correct: After you enable this policy, it will be effective when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your existing environment.

3. In Azure cloud services, Role-Based Access Control (RBAC) is applied to a scope, which is a resource or set of resources that this access applies to. Select Yes if you believe the following statement is correct or No if you believe it is incorrect:

When you grant access at a parent scope, those permissions are inherited by all child scopes.

  • Yes (CORRECT)
  • No

Correct: When you grant access at a parent scope, those permissions are inherited by all child scopes.

4. Think back over the tools, documentation, and proven practices that make up the Cloud Adoption Framework. Which one can you use to accelerate development and build a minimum viable product (MVP) for your idea?

  • Azure cloud migration best practices checklist
  • Azure innovation guide (CORRECT)
  • Azure setup guide

Correct: Use this guide to accelerate development and build a minimum viable product (MVP) for your idea.

5. You are able to use Azure RBAC to manage all resources and your access gives you the ability to assign roles in Azure RBAC. Which one of the Azure RBAC built-in roles has been assigned to you that gives you this level of access?

  • Reader
  • Contributor
  • Owner (CORRECT)

Correct: The Owner role grants full access to manage all resources, including the ability to assign roles in Azure RBAC.

6. Your company has recently migrated to Azure cloud services, and the management team wants you to implement resource locks to prevent accidental changes or deletions. Which of the following are valid options when configuring Resource Locks?

Select all that apply.

  • Reader
  • ReadOnly (CORRECT)
  • CanNotDelete (CORRECT)

Correct: ReadOnly means authorized people can read a resource, but they can’t delete or change the resource.

Correct: CanNotDelete means authorized people can still read and modify a resource, but they can’t delete the resource without first removing the lock.

7. You have applied the following policy definition, “System updates should be installed on your machines”. What will this policy enable?

  • This policy enables Azure Security Center to recommend missing security system updates on your servers. (CORRECT)
  • This policy enables you to restrict the locations that your organization can specify when it deploys resources.
  • This policy enables you to specify a set of VM SKUs that your organization can deploy.

Correct: This policy definition enables Azure Security Center to recommend missing security system updates on your servers.

8. Tailwind Traders want to automate their governance best practices across multiple subscriptions. Which solution do you think can assist them?

  • Azure Resource Manager Templates
  • Azure Blueprints (CORRECT)
  • Azure Resource Groups

Correct: You can automate governance best practices across multiple subscriptions using Blueprints. 

CONCLUSION – Build a Cloud Governance Strategy on Microsoft Azure

In conclusion, this module equips you with the tools and knowledge to develop a robust cloud governance strategy using Azure. By effectively leveraging access policies, resource locks, tags, Azure Policy, and Azure Blueprints, you’ll ensure compliance, enhance resource management, and support your organization’s operational goals. This comprehensive approach to governance helps maintain a secure and well-organized cloud environment.