RBAC roles must be applied at the highest level possible.
Resiliency Requirements
Litware identifies the following resiliency requirements:
Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and
the modification of new and existing data is prevented for a period of three years.
On-premises users and services must be able to access the Azure Storage account that will
host the data in App1.
Access to the public endpoint of the Azure Storage account that will host the App1 data must be
prevented.
All Azure SQL databases in the production environment must have Transparent Data
Encryption (TDE) enabled.
App1 must NOT share physical hardware with other workloads.
Business Requirements
Litware identifies the following business requirements:
Minimize administrative effort.
Minimize costs.
After you migrate App1 to Azure, you need to enforce the data modification requirements to meet
the security and compliance requirements.
What should you do?
Create an access policy for the blob service.
Implement Azure resource locks.
Create Azure RBAC assignments.
Modify the access level of the blob service.
Answer: B
Explanation:
Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to the
app, and the modification of new and existing data is prevented for a period of three years.
As an administrator, you can lock a subscription, resource group, or resource to prevent other
users in your organization from accidentally deleting or modifying critical resources. The lock
overrides any permissions the user might have.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
https://shop499942848.taobao.com/?spm=a230r.7195193.1997079397.2.56ac7b73E6wnrU
评论2
最新资源