ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.3: GovernanceDomain 1GovernanceAzure PolicyCost Optimization

AZ-305 · Question 11 · Domain 1.3: Governance

Your company has an Azure environment with 10 subscriptions under a single Management Group named 'MG-Corp'.

To control costs, the finance team requires that developers can only deploy specific, cost-effective Virtual Machine SKUs (e.g., D-series and B-series) across all subscriptions. If a developer attempts to deploy an expensive GPU-optimized VM (e.g., N-series), the deployment must be blocked immediately.

Which governance solution should you implement?

Answer options:

A.

Assign an Azure Policy with an 'Audit' effect at the 'MG-Corp' management group level.

B.

Assign an Azure Policy with a 'Deny' effect at the 'MG-Corp' management group level.

C.

Configure Azure Role-Based Access Control (RBAC) custom roles to remove the 'Microsoft.Compute/virtualMachines/write' permission for N-series VMs.

D.

Implement Azure Resource Locks on all resource groups.

How to approach this question

Identify the tool used to enforce rules on resource properties (Policy) vs access (RBAC). Choose the effect that blocks deployment.

Full Answer

B.Assign an Azure Policy with a 'Deny' effect at the 'MG-Corp' management group level.✓ Correct
Assign an Azure Policy with a 'Deny' effect at the 'MG-Corp' management group level.
Azure Policy is the correct tool for enforcing rules on resource properties, such as allowed VM SKUs, locations, or required tags. To block the deployment of non-compliant resources, the policy must use the 'Deny' effect. Applying it at the Management Group level ensures it cascades to all 10 subscriptions. RBAC cannot restrict specific SKUs, as it only grants or denies API actions, not payload properties.

Common mistakes

Confusing RBAC with Azure Policy. RBAC is for 'who can do what', Policy is for 'what can be created and how'.
10All questions12

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 5

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Contoso Ltd has 50 subscriptions across 3 business units. Each business unit manages its own IT o...EasyQ02You are designing a monitoring solution for a hybrid environment. The environment consists of 200...MediumQ03Your company uses Microsoft Sentinel integrated with a Log Analytics workspace. The workspace ing...HardQ04You are designing an application monitoring strategy using Application Insights. The application ...MediumQ05A highly regulated financial institution is migrating to Microsoft 365 and Azure. They currently ...Hard
View all 55 questions →