Microsoft Azure Fundamentals — Question 368

You have an Azure subscription that contains a resource group named RG1.

Users must NOT be able to perform the following operations:

• Delete RG1.
• Modify resources in RG1.
• Delete resources from RG1.

What should you do?

Answer options

• A. Apply a delete lock to RG1.
• B. Apply a read-only lock to RG1.
• C. Grant role-based access control (RBAC) permissions to RG1.
• D. Add a tag to RG1.

Correct answer: B

Explanation

Applying a read-only lock to RG1 ensures that users cannot modify or delete any resources within the group, as it restricts all write operations. A delete lock would only prevent deletion of RG1 but would still allow modifications, which does not meet all requirements. Granting RBAC permissions may allow users to modify resources if they have sufficient rights. Adding a tag does not affect permissions or actions on the resource group.