Hard · 1 mark · Multiple Choice

AZ-305 · Question 11 · Domain 1.3: Governance

A multinational corporation is designing its Azure landing zone architecture. The company has 5 distinct Business Units (BUs).

Requirements:

  1. The Central IT team must enforce baseline security policies (e.g., requiring Microsoft Defender) across ALL subscriptions in the company.
  2. Each BU must be able to manage its own resources and apply BU-specific policies.
  3. Two of the BUs operate in the healthcare sector and must adhere to strict HIPAA compliance policies that do not apply to the other three BUs.

You need to design a Management Group hierarchy. Which THREE actions should you include in your design? (Select THREE)

Answer options:

A. Create a 'Corporate Root' management group under the Tenant Root Group and assign the baseline security policies here.

B. Assign the baseline security policies directly to the Tenant Root Group.

C. Create a 'Healthcare' management group under the Corporate Root, assign HIPAA policies here, and place the two healthcare BUs beneath it.

D. Create individual management groups for each BU to allow BU-specific policy and RBAC assignments.

E. Assign the HIPAA compliance policies directly to the resource groups within the healthcare BU subscriptions.

F. Use Azure Blueprints to enforce the Management Group hierarchy.

How to approach this question

Follow Azure Landing Zone best practices: Avoid Tenant Root assignments, group similar compliance needs (Healthcare), and provide BU autonomy.

Full Answer

A. Create a 'Corporate Root' management group under the Tenant Root Group and assign the baseline security policies here.

C. Create a 'Healthcare' management group under the Corporate Root, assign HIPAA policies here, and place the two healthcare BUs beneath it.

D. Create individual management groups for each BU to allow BU-specific policy and RBAC assignments.

Azure Landing Zone best practices recommend creating a top-level management group (e.g., 'Corporate Root') below the Tenant Root to apply global policies. To handle the healthcare requirement efficiently, create a 'Healthcare' management group to host the HIPAA policies, and place the two healthcare BU management groups under it. Finally, each BU needs its own management group to manage its specific RBAC and policies.

Common mistakes

Assigning policies to the Tenant Root Group is a common anti-pattern. Assigning enterprise compliance policies at the resource group level is unscalable.
