ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-203 All Questions

View all questions & answers for the AZ-203 exam
Go to Exam

Exam AZ-203 topic 4 question 1 discussion

Actual exam question from Microsoft's AZ-203
Question #: 1
Topic #: 4
[All AZ-203 Questions]

HOTSPOT -
Your company is migrating applications to Azure. The IT department must allow internal developers to communicate with Microsoft support.
The service agents of the IT department must only have view resources and create support ticket permissions to all subscriptions. A new custom role must be created by reusing a default role definition and changing the permissions.
You need to create the custom role.
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer: Explanation
Box 1: Set-AzureRmRoleDefinition Input-File C:\SupportRole.json
The Set-AzureRmRoleDefinition cmdlet updates an existing custom role in Azure Role-Based Access Control. Provide the updated role definition as an input to the command as a JSON file or a PSRoleDefinition object.
The role definition for the updated custom role MUST contain the Id and all other required properties of the role even if they are not updated: DisplayName,
Description, Actions, AssignableScope
Box 2: "*/read*."* Microsoft.Support/*"
Microsoft.Support/* Create and manage support tickets
"Microsoft.Support" role definition azure
Incorrect Answers:
Get-AzureRmRoleDefinition. The Get-AzureRmRoleDefinition command does not have an action section.
First, use the Get-AzureRmRoleDefinition command to retrieve the custom role that you wish to modify. Then, modify the properties that you wish to change.
Finally, save the role definition using the Set-AzureRmRoleDefinition command.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell
by czmiel24 at Feb. 22, 2020, 11:40 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AK89
Highly Voted 5 years, 1 month ago
Box1: Get-AzRoleDefinition –Name “Reader” | ConvertTo-Json Out-File C:\Sample.json Box2: Set-AzureRmRoleDefinition Input-File C:\SupportRole.json Box3: “read/*,Microsoft.Support/*”
upvoted 35 times
Larry616
4 years, 10 months ago
Why only read? The question mentioned it also need "create support ticket permissions"
upvoted 1 times
Larry616
4 years, 10 months ago
Got it now, box3 is suffix of command in box2, it appends "microsoft.support" permission to existing "read" permission, above answer is correct
upvoted 2 times
...
...
...
t8203
Highly Voted 4 years, 11 months ago
options: https://vceguide.com/wp-content/uploads/2020/05/Microsoft-AZ-203-date-05-08-2020_Page_183_Image_0001.jpg
upvoted 14 times
...
Sylph
Most Recent 4 years, 4 months ago
Tutorial for this exact situation: https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell
upvoted 2 times
...
VK_Gladiator
4 years, 6 months ago
Given answer is correct. Actions Description */read Read resources of all types, except secrets. Microsoft.Authorization/* Manage authorization Microsoft.Support/* Create and update a support ticket Reference link: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 1 times
...
AnkitN
4 years, 10 months ago
If you look at the built-in role and see an example for actions to allow support to raise Microsoft support tickets, you can see the required action: Since this is clearly shown in the documentation, all other options are incorrect. For more information on the built-in roles, one can go to the below link: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 1 times
...
Steve_az
4 years, 10 months ago
https://vceguide.com/hotspot-905/
upvoted 3 times
...
sjsouvik
5 years, 1 month ago
answer should be : Box1: Get-AzRoleDefinition –Name “Reader” | ConvertTo-Json Out-File C:\Sample.json Box2: Set-AzureRmRoleDefinition Input-File C:\SupportRole.json Box3: “Microsoft.Support/*”
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel