ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-301 All Questions

View all questions & answers for the AZ-301 exam
Go to Exam

Exam AZ-301 topic 2 question 23 discussion

Actual exam question from Microsoft's AZ-301
Question #: 23
Topic #: 2
[All AZ-301 Questions]

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains a resource group named RG1.
You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers.
You need to recommend a solution that meets the following requirements:
✑ The researchers must be allowed to create Azure virtual machines.
✑ The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates.
Solution: On RG1, assign a custom role-based access control (RBAC) role to the ResearchUsers group.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Instead: On RG1, assign the Contributor role to the ResearchUsers group. Create a custom Azure Policy definition and assign the policy to RG1.
by Jake__ at Nov. 4, 2019, 8:27 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pradjhun
Highly Voted 5 years, 6 months ago
But the challenge with custom role is that it will not enforce use to use template only.. That can we only enforce using Azure policy
upvoted 20 times
...
Jake__
Highly Voted 5 years, 7 months ago
Considering we do not know what the Custom RBAC role is, you cant determine if it will work or not. Custom roles can give you any access available, including giving access equal to or more than the contributor role. This question makes no sense how we would know what this customer role is. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
upvoted 5 times
[Removed]
5 years, 2 months ago
But the answer says provide a Contributor role to the group. Thats not least privilege
upvoted 1 times
tartar
4 years, 9 months ago
B is ok
upvoted 2 times
...
...
...
glam
Most Recent 4 years, 4 months ago
B. No.
upvoted 1 times
...
sanketshah
4 years, 6 months ago
B is correct
upvoted 1 times
...
bobby2
4 years, 9 months ago
Correct answer would be "NO" as you do not know what & all included into the custom role. I can not say "YES" until unless i know what level of authorization included into custom role. Contributor role would be right solution until we will know custom role definition/template used to create it. My answer would be "NO".
upvoted 1 times
...
kk2222
4 years, 10 months ago
Agreed
upvoted 1 times
...
dips31089
4 years, 10 months ago
Answer is correct - No. Explanation is not accurate. While a custom RBAC role will work; the goal is not met unless a policy is enforced for using specific templates.
upvoted 1 times
...
P0d
5 years ago
ANswer is should be Yes. As we can also assign custom role necessary scopes and permissions. The Contributor role is not only the solution.
upvoted 1 times
P0d
5 years ago
After Custom role we can have a policy
upvoted 1 times
P0d
5 years ago
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles#:~:text=If%20the%20Azure%20built%2Din,subscription%2C%20and%20resource%20group%20scopes.
upvoted 1 times
...
...
...
vrana
5 years ago
Why cannot a custom role work? Give contributor access and remove VM creation privilege. To me, answer is Yes.
upvoted 1 times
...
TYT
5 years, 1 month ago
You'll need a Policy.
upvoted 1 times
...
Rajuuu
5 years, 2 months ago
The Answer should be YES as the exiting Contributor roles satisfy the requirement even using the RM templates.
upvoted 1 times
Rajuuu
5 years, 2 months ago
Please ignore ,,,Answer is No
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel