Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Contoso Ltd has three Azure subscriptions in a single management group. The company must prove ongoing ISO 27001 compliance, view a consolidated compliance score for all subscriptions, automatically deploy the Log Analytics agent to any virtual machine that is missing it, and let resource owners request time-bound documented waivers for individual controls when justified. You need to recommend the Azure-native approach that best meets all these requirements. Which approach should you recommend?
Publish an ISO 27001 Azure Blueprint and lock the blueprint assignments for all subscriptions.
Assign the built-in ISO 27001 initiative in Azure Policy at the management-group level, using DeployIfNotExists policies and policy exemptions.
Enable Microsoft Defender for Cloud's regulatory compliance dashboard and create custom ISO 27001 recommendations for each subscription.
Use Azure Advisor to generate ISO 27001 scorecards and apply resource locks to prevent configuration drift.
Assigning the built-in ISO 27001 initiative in Azure Policy at the management-group scope gives a single compliance dashboard that aggregates data from all underlying subscriptions. The initiative's policies include DeployIfNotExists effects that can automatically install the Log Analytics agent on non-compliant VMs, providing remediation. Azure Policy also supports creating exemptions, which record approved waivers with justification and duration for audit purposes. Azure Blueprints can bundle artifacts but relies on Azure Policy for evaluation and lacks native exemption management. Microsoft Defender for Cloud offers a regulatory compliance view but cannot apply DeployIfNotExists remediation across custom controls or provide policy-level exemptions. Azure Advisor and resource locks do not supply compliance initiatives, scoring, or exemption workflows. Therefore, using an Azure Policy initiative is the only option that satisfies all stated needs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Azure Policy initiative?
Open an interactive chat with Bash
What is the DeployIfNotExists effect in Azure Policy?
Open an interactive chat with Bash
What are policy exemptions in Azure Policy?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .