Protecting Azure Resources from Accidental Deletion
QUESTION:
You are the Azure admin for RedWidgetCo and you have deployed several resources, including a virtual machine, a storage account, and 3 virtual machines all to a single resource group. The storage account contains the hard drives of your virtual machines, which are connected to the virtual network.
What should you do to prevent accidental deletion of virtual machines or of any components that are required by the virtual machines?
Your choices are:
A. Configure RBAC for the entire resource group
B. Add a lock on the virtual machines
C. Add a lock on the entire resource group
D. Configure RBAC for all resources except the virtual machines
The answer is C. Adding a lock on the entire resource group will ensure that no resources in the resource group can be deleted. The requirments called for protection of all resources required by the virtual machines so setting a lock on the VMs, alone, would not meet the requirement since the storage would be left unprotected. RBAC does not prohibit accidental deletion of resources.
Reference Material:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Click here for my PREMIUM practice questions.