Answer-first summary for fast verification
Answer: Apply a read-only lock to RG1.
The correct answer is B because applying a read-only lock to RG1 prevents all three prohibited operations: deleting the resource group itself, modifying resources within it, and deleting resources from it. This lock type provides comprehensive protection by making the resource group and its contents immutable. Option A (delete lock) only prevents deletion of the resource group but allows modifications to resources. Option C (RBAC permissions) requires complex configuration and may not reliably prevent all specified actions. Option D (adding a tag) has no security function and only serves organizational purposes. The community discussion strongly supports B with 86% consensus and detailed explanations confirming that read-only locks prevent both modifications and deletions at all levels.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have an Azure subscription with a resource group named RG1. You need to prevent users from being able to delete the RG1 resource group, modify the resources within RG1, or delete any resources from RG1.
What should you do?
A
Apply a delete lock to RG1.
B
Apply a read-only lock to RG1.
C
Grant role-based access control (RBAC) permissions to RG1.
D
Add a tag to RG1.
No comments yet.