Medium · 1 mark · Multiple Choice
Topics: Governance · Azure Policy · Tagging

AZ-305 · Question 12 · Domain 1.3: Governance

You are implementing a resource tagging strategy for cost allocation.

You create an Azure Policy that requires the tag 'CostCenter' on all Resource Groups. You assign this policy with the 'Modify' effect to your main subscription.

After assigning the policy, you notice that newly created Resource Groups receive the tag automatically, but existing Resource Groups that were created before the policy assignment do not have the tag.

Which TWO actions must you take to ensure existing Resource Groups get the tag? (Select TWO)

Answer options:

A. Change the policy effect from 'Modify' to 'Append'.

B. Create a remediation task.

C. Ensure the Managed Identity has the 'Tag Contributor' role.

D. Trigger a manual policy compliance scan using the Azure CLI.

E. Apply a Resource Lock to the existing Resource Groups.

How to approach this question

Understand how Azure Policy handles existing resources. Effects such as Modify are applied only when a resource is created or updated (PUT/PATCH requests). For existing resources, you need a Remediation Task and an identity with permissions to execute it.

Full Answer

Create a remediation task; ensure the Managed Identity has the 'Tag Contributor' role.

By default, Azure Policy applies effects (like Modify or Append) only during resource creation or update (PUT/PATCH requests); existing resources are evaluated for compliance but are not changed. To apply tags to existing resources, you must create a Remediation Task. Because the remediation task modifies resources in the background, the policy assignment requires a Managed Identity with the appropriate RBAC permissions (e.g., Tag Contributor or Contributor) to make those changes.

Common mistakes

Thinking that a policy compliance scan automatically fixes resources. Scans only report compliance; remediation tasks actually fix them.
