Medium · 1 mark · Multiple Choice
Domain 1.3: Governance · Domain 1 · Governance · Resource Locks · RBAC

AZ-305 · Question 13 · Domain 1.3: Governance

You are the Azure Architect for a company. A critical production Azure SQL Database is hosted in a resource group named RG-Prod-DB.

To prevent accidental deletion, you apply a CanNotDelete resource lock to the RG-Prod-DB resource group.

A database administrator, who has the 'Owner' RBAC role on the resource group, attempts to delete the Azure SQL Database.

What will be the result of this action?

Answer options:

A. The deletion will succeed because the Owner role bypasses resource locks.

B. The deletion will fail because the resource lock overrides the Owner RBAC role.

C. The deletion will succeed, but an alert will be generated in Azure Monitor.

D. The deletion will fail, but the administrator can override the lock during the deletion prompt.

How to approach this question

Understand the hierarchy of control: Resource Locks override all RBAC roles.

Full Answer

B. The deletion will fail because the resource lock overrides the Owner RBAC role. ✓ Correct
Resource locks in Azure apply regardless of RBAC permissions. Even if a user is an Owner or a Global Administrator, they cannot delete a resource if a `CanNotDelete` lock is applied to it or its parent resource group. The user must first explicitly remove the lock (which they can do, since they are an Owner) before performing the deletion.

Common mistakes

Assuming that 'Owner' privileges bypass governance controls like locks.
