AZ-500 Question #528: Real Exam Question with Answer & Explanation

Submitted by manish99· Mar 6, 2026Manage Azure Identities and Governance – Implement and manage Azure Policy to enforce organizational standards and assess compliance across Azure resources, including understanding policy scope inheritance (subscription and resource group levels) and allowed resource type restrictions.

Question

Hotspot Question You have an Azure subscription named Sub1 that contains two resource groups named RGnet and NET. You have the Azure Policy definition shown in the following exhibit. You assign the policy definition to Sub1 and NET. You plan to deploy the resources shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Answer:

Explanation

The Azure Policy definition shown restricts resource deployments to only allow 'Microsoft.Network' resource types within the assigned scope. VNet1 (Microsoft.Network/virtualNetworks) and ASG1 (Microsoft.Network/applicationSecurityGroups) are both Network resource types, so they comply with the policy and can be deployed to RGnet and NET respectively. Storage1 (Microsoft.Storage/storageAccounts) is NOT a Microsoft.Network resource type, so the policy denies its deployment to RGnet, which is under the Sub1 scope where the policy is assigned.

Topics

#Azure Policy#Resource Governance#Policy Assignment Scope#Resource Types

Community Discussion

No community discussion yet for this question.

Full AZ-500 Practice Browse All AZ-500 Questions