You have an Azure subscription named Sub1 that contains the Azure resources shown in the following table.
You assign an Azure policy that has the following settings:
✑ Scope: Sub1
✑ Exclusions: Sub1/RG1/VNET1
✑ Policy definition: Append a tag and its value to resources
✑ Policy enforcement: Enabled
✑ Tag name: Tag4
✑ Tag value: value4
You assign tags to the resources as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No –
Azure policy was created before the RG1 was assigned tag, which means when RG1 was manually assigned tag Tag2:IT, the policy will take action to append Tag4:vaule4 to RG1. Note that policy action is to "append", that means whatever else tag RG1 is given won’t be taken away. As such RG1 will have two tags, Tag2:IT and Tag4:value4
Box 2: No –
Remember tags are not inheritable, whatever tag assigned to RG1 won’t be applied to any resources under it. As such the Storage1 should be Tag3:value1 and Tag4:vaule4.
Box 3: No –
vNet1 is excluded from the Azure policy, hence the policy won’t do anything to it. As such vNet1 should only have the tag manually assigned: Tag3:value2. PS, I take that "Exclusions: Sub1/RG1/VNET1" does not mean both RG1 & vNet1 are excluded, only vNet1 is excluded, the Sub1/RG1/VNET1 is merely a path to the object that is excluded.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json
