Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
A company runs workloads in Azure across two subscriptions. The organization has three departments: Finance, Engineering, and Marketing. Each department hosts resources in dev, test, and production environments. Compliance requires that all Azure resources include the tags CostCenter and DataClassification. Only a defined list of approved resource types may be deployed in production. You are designing the governance hierarchy and controls. Which approach best meets the requirements with minimal administrative overhead?
Create separate subscriptions for every department and environment. Use Azure RBAC to block creation of unapproved resource types and apply the required tags through deployment-time ARM templates.
In each subscription, create resource groups for every department and environment. Apply resource locks on production resource groups to prevent unapproved resource types and rely on Azure AD Privileged Identity Management to ensure tagging compliance.
Enable an Azure Policy at the subscription level that audits for missing tags and instruct departmental owners to fix non-compliant resources manually. Organize management groups by department rather than environment.
Create a root management group and child management groups for Dev, Test, and Prod. Move each subscription to the appropriate environment management group and assign an Azure Policy initiative at the environment level that requires the CostCenter and DataClassification tags and restricts unapproved resource types.
The most efficient solution is to use Azure management groups to reflect the environment hierarchy (Dev, Test, Prod) and assign an Azure Policy initiative at the environment level. Policies assigned to a management group automatically inherit to every subscription and resource group beneath it, eliminating the need to duplicate assignments. A single initiative can both require specific tags and restrict resource types in production, providing centralized, automated enforcement with minimal ongoing effort. Relying on multiple subscriptions for every department and environment, resource locks, or manual remediation would increase administrative complexity and does not guarantee automatic compliance enforcement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Azure management groups, and how do they help in governance?
Open an interactive chat with Bash
What is an Azure Policy initiative, and how does it differ from an individual policy?
Open an interactive chat with Bash
Why is assigning policies at the management group level more efficient than at the subscription or resource group level?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .