Chapter 3: Governance and Compliance

Question 1

What is a Subscription?

Answer 1

Billing unit that aggregates all costs of underlying resources
Helps segment billing units into logical ownership
Ex. Marketing vs. Engineering

Question 2

What does a subscription contain?

Answer 2

Contain resource groups and associated resources
Each resource group must be part of one single subscription
Subscription is a scoping level for deploying ARM templates

Question 3

What are some types of subscriptions?

Answer 3

Pay as you Go
Free Trial
Enterprise Agreement

Question 4

What are 3 major types of subscription naming conventions?

Answer 4

Environment - Prod, Dev, Staging
Department/Teams
Region - geographical region of the business

Question 5

What is a Management Group?

Answer 5

Container to manage subscriptions in a parent/child relationship

Question 6

What is the Root Management Group?

Answer 6

Top level management group - cannot put another manage group above

Question 7

How many levels of management groups can you have?

Answer 7

6 levels

Question 8

Can you deploy an Azure Policy at the Management Group level?

Answer 8

Yes

Question 9

Can you deploy RBAC at the Management Group level?

Answer 9

Yes

Question 10

Why is it important to understand where you set scope for RBAC and Policies?

Answer 10

The level of scope will allow those settings to flow down from there - cascade downward

Question 11

Are users given access to a root management group by default?

Answer 11

No, this would allow users highest scope control
Only the global admin

Question 12

Can Root Management Groups be moved or deleted?

Answer 12

No

Question 13

What can the global admin do in the event of getting locked out?

Answer 13

Global Administrators can elevate themselves to User Access Admin of root group

Question 14

What is an Azure Policy?

Answer 14

Enforce compliance and enable auditing
You determine what is “compliant”

Question 15

What are some use cases for policies?

Answer 15

Prohibiting services and/or resources to control costs
Enforce allowed locations

Question 16

What are the components of an Azure policy?

Answer 16

Definition
Assignment
Initiative Definition

Question 17

What is a policy definition?

Answer 17

Defines the policy - the evaluation criteria for compliance and defines the actions that take place
Audit or deny something outside of compliance
Example: Deny the creation of a resource without a specific tag

Question 18

What is a policy assignment?

Answer 18

The scope at which we assign our policy. The WHO

Question 19

What policy scopes are possible?

Answer 19

Management Group
Subscription
Resource Group
Resource

Question 20

What is a policy initiative definition?

Answer 20

Collection of policies that are tailored to achieving a singular high-level goal together

Question 21

What are Tags?

Answer 21

Name / Value pairs
Ex. Dept:Marketing, Env:Prod

Question 22

How many characters can names be? Values? Storage Accounts?

Answer 22

Names = 512
Value = 256
Storage = 128

Question 23

Are tags inherited down the hierarchy?

Answer 23

No tags stay at the set scope and are not inherited beneath.

Question 24

What is a resource lock?

Answer 24

Allows you to override permissions to resources
You can lock subscriptions, resource groups, or resources.

Question 25

What are the types of resource locks?

Answer 25

Read Only
Delete

Question 26

What is a Read Only Lock?

Answer 26

Allows users to only read a resource

Question 27

What is a CanNotDelete lock?

Answer 27

Allows you to read, modify, but not delete

Question 28

When can you not move a resource?

Answer 28

When you have a Read Only lock
You can still move with a Delete lock

Question 29

What impacts the cost of a resource?

Answer 29

Subscription type (Free, Pay as you go, enterprise agreement, Cloud Solution Provider)
Resource Type (ex. Blob vs. Table storage)
Usage Meters (CPU time, network traffic, disk size, etc.)
Resource Usage (Costs of actually using a resource)
Location (Services available in various geographical locations)

Question 30

What are some cost best practices?

Answer 30

Select appropriate resource for the use case
Plan costs ahead prior to purchase
Deallocate resources when no longer needed
Understand resource needs

Question 31

What are the main cost tools in Azure?

Answer 31

Pricing Calculator
Total Cost of Ownership Calculator
Microsoft cost management Tool

Question 32

What is the Pricing Calculator?

Answer 32

Create quotes of workloads prior to provisioning a resource

Question 33

What is the TCO calculator?

Answer 33

Scenario planning calculator to calculate how much you could save if you transitioned from on prem to the cloud.

Question 34

What is Microsoft Cost Management?

Answer 34

Helps analyze cost and set budgets

Question 35

What are the four major steps of planning a cloud strategy?

Answer 35

Define
Define governance needs of the organization
Plan
Plan which tools will be used to implement governance
Ready
Understand how those tools will be used to implement governance
Adopt
Implement governance for the organization using a cloud strategy

Question 36

What are the four major services for enforcing governance?

Answer 36

Management Groups
Subscriptions
RBAC
Policies
Tagging
Locks