ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.3: GovernanceDomain 1Resource LocksGovernanceStorage

AZ-305 · Question 12 · Domain 1.3: Governance

You have an Azure Storage account containing critical compliance archives.

You apply a 'ReadOnly' resource lock to the Storage account at the Azure Resource Manager (ARM) level.

What is the effect of this lock on the data within the Storage account?

Answer options:

A.

Users cannot delete the storage account, but they can modify its configuration (e.g., change access tiers).

B.

Users cannot read, write, or delete blobs within the storage account.

C.

Users cannot delete or modify the storage account configuration, but they CAN read, write, and delete blobs within the account if they have data-plane access.

D.

Users can read blobs, but cannot write or delete blobs within the storage account.

How to approach this question

Understand the difference between the Management Plane (ARM) and the Data Plane in Azure.

Full Answer

C.Users cannot delete or modify the storage account configuration, but they CAN read, write, and delete blobs within the account if they have data-plane access.✓ Correct
Azure Resource Locks (CanNotDelete and ReadOnly) apply only to the management plane (Azure Resource Manager). They prevent accidental deletion or modification of the resource's configuration. However, they do NOT restrict data-plane operations. Therefore, a user with the appropriate data-plane permissions (e.g., Storage Blob Data Contributor) can still read, write, and delete blobs inside the locked storage account. To make the data itself immutable, you must use Blob Storage Immutability Policies (WORM).

Common mistakes

Assuming a ReadOnly lock on a storage account makes the blobs inside it read-only. This is a very common exam trap.
11All questions13

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Fabrikam Inc. is a global financial services company with 200 Azure subscriptions managed via a c...HardQ02A healthcare organization has 500 on-premises Windows Server VMs and 300 Azure VMs. They are impl...HardQ03You are designing a security monitoring solution using Microsoft Sentinel. The compliance depar...EasyQ04Your company has a microservices application deployed across multiple Azure App Service instances...MediumQ05A defense contractor is migrating to Microsoft 365 and Azure. They have a strict security policy ...Hard
View all 55 questions →