Exam SC-300 topic 3 question 42 discussion

Box 1 Managed1,Managed2,VM1,VM2 and VM3 only Box 2 VM1,VM2,VM3 and VM4

In the Question #40 - Topic 2 (https://www.examtopics.com/discussions/microsoft/view/95539-exam-sc-300-topic-2-question-40-discussion/) it is stated that you cannot assign a role to a virtual machine, so: Box 1: Managed1 only Box 2: VM1, VM2, VM3, and VM4

Going with give answers. Best explanation as to why is submitted below by contributer "Alcpt" Box 1 Managed1,Managed2,VM1,VM2 and VM3 only Box 2 VM1,VM2,VM3 and VM4

1: The Owner role in Azure can be assigned to: Since all managed identities and VMs with system-assigned identities can have roles assigned to them, the correct answer is: Managed1, Managed2, VM1, VM2, and VM3 2: Managed identities can only be assigned to VMs in the same location. Managed2 is in West US. The following VMs are in West US: VM2 and VM4 only

This is from ChatGPT. Box 1 = Managed1 only Box 2 = VM2 and VM4

Box1: Managed1, Managed2, VM1, and VM2 only Box2: VM1, VM2, VM3, VM4

Hmm, so I guess this will be have to be a lucky shot at the exam as nobody agrees.

Come now guys, instead of guessing, for block 1: deploy 2 vms in 2 rgs, in 2 different regions and then enable their SAMI's and try link as owners to a single rg. You will find that you can link the SAMI's from the 2 different regions to the same rg as owners. Hence VM1 & VM2 are correct. VM3 is using the functional UAMI1, so that will work. Only vm4 wont work as it has not UAMI nor SAMI identity. Hence , UAMI1, UAMI2, VM1 & VM2 & VM3 (using UAMI1) will work. ONLY VM4 will not work. This is simple architect work. for block 2, UAMIs are global and are not limited by region. So everything is game. V1 - V4

for the question regarding assigning the Owner role for RG1 (which is in East US), only Managed1 (which is also in East US) can be considered. Managed2 cannot be assigned the Owner role for RG1 as it is in West US.Regarding which virtual machines can be assigned to Managed2, since Managed2 is located in West US, it can only be assigned to VM2 and VM4, both of which are also in West US.Therefore, the correct answers are:Identities with Owner role: Managed1 only. Virtual machines assigned to Managed2: VM2 and VM4 only.

Box1: Managed1, Managed2, VM1, and VM2 only VM3 uses Managed1 so we use the Identity (Managed1) instead of the resource (VM3) VM4 doesn't have an Identity Box2: all VMs You can assign (User Assigned) Managed Identities to VMs that already have System Assigned Managed Identities You can test this in a lab like I did.

Box1:Managed1, Managed2, VM1, and VM2 only I agree that VM3 shouldn't count here since its identity is actually 'Managed1' Box2: VM1, VM2, VM3, VM4 This article confirms that managed identities can be used across geos: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-faq

Tested this with my Azure subscription. IMHO the Box1 answer should be: Managed1, Managed2, VM1, and VM2 only. My reasoning: Since VM3’s identity is Managed1 and not VM3, you will not see VM3 in the owner role list. Virtual machine itself is not an identity. System-assigned managed identity is tied to one resource, and uses the name of the resource, so in this case VM1's and VM2's manged identities are named VM1 & VM2. User-assigned managed identity can be tied to multiple resources, so you will have to name it yourself. In this case the VM3's identity is Managed1. VM4 does not have identity at all, so you will not see it in owner role list. Please test the this in your tenant or lab and correct me if I'm wrong.

Tested in lab. Box1 Managed1,Managed2,VM1,VM2 and VM3 only System-assigned identitys is not region restricted, User-assigned is not aswell. When you add the VM1 with a system assigned identitys on as an owner on the RG. You can see in the RG RBAC permissions that the VM is added and it is created like an enterprise application. Box2 All VMs. Since user/system isn't restricted.