Domain 3.2: Features and Tools for Governance and Compliance

Which Azure service allows you to create, assign, and manage rules that enforce compliance standards across your Azure resources (e.g., restricting which regions VMs can be deployed in)?

An administrator applies a 'CanNotDelete' resource lock to a critical database. What effect does this have on a user who has the 'Owner' role for that database?

Which Microsoft service provides a unified data governance solution to help manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data?

Where can you download published audit reports and compliance certifications (like ISO and SOC reports) for Microsoft cloud services?

Which TWO of the following tools are primarily used for governance and compliance in Azure? (Select TWO)

True or False: The Microsoft Cloud Adoption Framework for Azure provides a set of best practices, documentation, and tools to help organizations successfully adopt the cloud.

Which Azure service is used to create, assign, and manage rules that enforce compliance for your Azure resources (e.g., restricting which regions resources can be deployed to)?

You want to ensure that a critical production database cannot be accidentally deleted by any user, even if they have Owner permissions. What should you implement?

Where can you find Microsoft's compliance documentation, independent audit reports, and privacy information regarding how Microsoft protects your data?

True or False: A ReadOnly resource lock prevents users from modifying or deleting a resource, but allows them to view it.

Select TWO capabilities of Microsoft Purview.

Select TWO statements that accurately describe Azure Resource Locks.

Which Azure service provides a unified data governance solution to help you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data?

What is the primary difference between Azure Policy and Role-Based Access Control (RBAC)?

Which Azure feature can you use to prevent accidental deletion of a critical production database, even by users who have administrative privileges?

Where can you find Microsoft's independent third-party audit reports, compliance documentation, and information about how Microsoft secures its cloud services?

Select TWO types of Resource Locks available in Azure.

True or False: Azure Policy can be configured to automatically remediate (fix) resources that are found to be non-compliant.

A company wants to ensure that developers can only deploy virtual machines of a specific, low-cost size (e.g., B-series). Which Azure service should they use to enforce this rule?

An administrator wants to ensure that a critical production database cannot be accidentally deleted by any user, even those with Owner permissions. What should they apply to the database?

Which Microsoft service provides a unified data governance solution to help manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data?

Where can a company download official Microsoft compliance reports, such as ISO certifications and SOC reports, for Azure services?

Which TWO actions can Azure Policy perform? (Select TWO)

Scenario: Contoso Ltd is planning to migrate its on-premises infrastructure to Azure. They have a tight budget and want to estimate the cost savings of moving to the cloud over a 3-year period. Once migrated, they need to ensure that no one can accidentally delete their core networking resources. They also want to automatically enforce that all new resources are deployed only in the West Europe region.<br/><br/>How can Contoso prevent the accidental deletion of their core networking resources?

Scenario: Contoso Ltd is planning to migrate its on-premises infrastructure to Azure. They have a tight budget and want to estimate the cost savings of moving to the cloud over a 3-year period. Once migrated, they need to ensure that no one can accidentally delete their core networking resources. They also want to automatically enforce that all new resources are deployed only in the West Europe region.<br/><br/>Which service should Contoso use to automatically enforce the region restriction for new resources?

Which Azure service allows you to create, assign, and manage rules that enforce compliance for your Azure resources (e.g., restricting which regions resources can be deployed in)?

An administrator wants to ensure that a critical production database cannot be accidentally deleted by anyone, even users with the 'Owner' role. What should they apply to the resource?

Which TWO of the following are primary capabilities of Microsoft Purview? (Select TWO)

A compliance officer needs to download Microsoft's independent audit reports (such as ISO or SOC reports) to verify that Azure meets their industry's regulatory standards. Where can they find these documents?

Which Microsoft resource provides a set of best practices, guidance, and documentation to help organizations successfully adopt the cloud and achieve their business outcomes?

A company wants to ensure that all new Azure resources are automatically assigned a 'Department' tag. Which tool should they use to enforce this?