Medium · 1 mark · Multiple Choice
Domain 1.3: Design Governance · Domain 1 · Governance · Resource Locks · RBAC

AZ-305 · Question 11 · Domain 1.3: Design Governance

A company has a critical Azure SQL Database hosting their ERP system.

To prevent accidental deletion, an administrator applies a 'CanNotDelete' resource lock to the resource group containing the database.

A developer with the 'Owner' RBAC role on the resource group attempts to delete the SQL Database.

What will be the outcome, and why?

Answer options:

A. The deletion will fail because resource locks override RBAC permissions.

B. The deletion will succeed because the 'Owner' role bypasses resource locks.

C. The deletion will fail because only the Global Administrator can delete locked resources.

D. The deletion will succeed but the database will be moved to a soft-delete state.

How to approach this question

Remember the hierarchy of Azure Resource Manager (ARM) enforcement: Locks apply across all users and roles. They are evaluated before RBAC.

Full Answer

A. The deletion will fail because resource locks override RBAC permissions. ✓ Correct

Azure Resource Locks (CanNotDelete or ReadOnly) are applied at the control plane level and override any Azure RBAC permissions. A lock applied to a resource group is inherited by every resource in that group, so the SQL Database is covered by the lock in this scenario. Even if a user has the 'Owner' role, they cannot delete a resource protected by a CanNotDelete lock. The user must first explicitly remove the lock (which their Owner role allows them to do) before they can delete the resource. This prevents accidental deletion by highly privileged accounts.

Common mistakes

Assuming the 'Owner' role has absolute power and bypasses locks automatically.
