Microsoft Azure Architect Design (AZ-304) Practice Test

Which Azure feature enables you to restrict the creation of virtual machines to specific regions and sizes?

• A. Conditional access policies
• B. Azure Policy
• C. Azure Resource Manager templates
• D. Role-based access control (RBAC)

The correct answer is: Azure Policy

The feature that allows you to restrict the creation of virtual machines to specific regions and sizes is Azure Policy. Azure Policy is a service that allows you to create, assign, and manage policies that control or audit your Azure resources. By using Azure Policy, you can enforce rules over your resources, such as limiting virtual machines to certain geographical regions and sizes, ensuring that compliance with your organizational standards is maintained. With Azure Policy, you can create a policy definition that specifies the allowed regions and sizes for virtual machines. When users try to create a new virtual machine that does not comply with the policy, Azure will prevent the deployment from occurring. This capability is particularly useful for organizations looking to manage costs, maintain compliance, or adhere to regional data residency requirements. In contrast, conditional access policies primarily focus on enhancing security by controlling access to applications based on various conditions, like user location or device compliance. Azure Resource Manager templates are used for deploying and managing Azure resources rather than enforcing restrictions on their creation. Role-based access control (RBAC) manages user permissions and roles but does not inherently restrict the specific details like region or size when creating resources.