HOTSPOT - You have the following custom role-based access control (RBAC) role. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
For Me N,Y,Y.
Microsoft.Compute/virtualMachines/* Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Execute scripts on virtual machines.
You can argue that 2 is no because you need to write to a resource group and this doesn't exist: Microsoft.Resources/subscriptions/resourceGroups/write
Users that are assigned to Role1 can assign Role1 to user = No ( notAction = Authorization/elevateAccess/Action )
User that are assigned Role1 can deploy new virtual machine = Yes ( action = Compute/virtualMachine/* )
Users that are assigned in Role1 can set a static IP address to a virtual machine = Yes ( action = Network/networkinterface/* )
N-Y-Y
Users that are assigned Role1 can assign Role1 to users: no, because "Microsoft.Authorization/elevateAccess/Action" is under "notAction".
Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions#notactions
Users that are assigned Role1 can deploy new virtual machines: yes, because onder "actions" we have "Microsoft.Resources/deployments/*".
Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute#virtual-machine-contributor
Users that are assigned Role1 can set a static IP address on a virtual machine: yes, because onder "actions" we have "Microsoft.Network/networkinterfaces/*".
Source: https://docs.metallic.io/metallic/azure_resource_provider_usage.html
I think the answer is No-No-Yes. The key word is “notAction”
It says Role1 can not do these:
“notAction”: [
“Microsoft.Authorization/*/Delete”,
“Microsoft.Authorization/*/Write”,
“Microsoft.Authorization/elevateAccess/Action”
I say Yes to Role1 can set a static IP address on a virtual machine, because it does not say you can not do it in "notAction"
Users that are assigned Role1 can assign Role1 to users: No (due to a lack of specific roleAssignments permissions and notActions restrictions).
Users that are assigned Role1 can deploy new virtual machines: Yes (supported by "Microsoft.Compute/virtualMachines/*").
Users that are assigned Role1 can set a static IP address on a virtual machine: Yes (supported by "Microsoft.Network/networkInterfaces/*").
Box 1: N
Because doesn't have:
Microsoft.Authorization/*/Write - Create roles, role assignments, policy assignments, policy definitions and policy set definitions
Box 2; Yes
Has been assigned;
Microsoft.Compute/virtualMachines/* - Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Execute scripts on virtual machines.
Box 3: Y
Has been assigned;
Microsoft.Network/networkInterfaces/* - Create and manage network interfaces
See;
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
I think it should be NNY. The user cannot assign to the role1 other users since ms.auth/*/write is not allowed. The user cannot create a VM since she is a reader at the RG level. The user with the Reader role on a resource group does not have permission to create a virtual machine (VM) within that resource group. The Reader role is a read-only role that only allows the user to view the resources and their configurations within the resource group. However, she can modify the IP address of the existing VM because she is a VM Contributor.
A misleading question that tests your ability to parse JSON more than anything else. The JSON value "Microsoft.Compute/virtualMachines/* gives the user with role1 the ability to perform all actions, including the ability create virtual machines. Any actions that are described by this wildcard, including /start, /deallocate, etc are not necessary to add the role. They are simply noise that is deliberately inserted to confuse the reader. Inserting noise in exhibits is a favourite tactic to lead people to an incorrect response.
This section is not available anymore. Please use the main Exam Page.AZ-104 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
fabio79
Highly Voted 2 years, 11 months agodjhyfdgjk
1 year, 5 months agodendenp
11 months, 3 weeks agohumnahibataynge
2 years, 11 months agolebowski
2 years, 11 months agoDhanishetty
2 years, 7 months agoklexams
Highly Voted 2 years, 9 months agoDankho
Most Recent 9 months, 4 weeks agoDankho
9 months, 4 weeks agoDankho
9 months, 4 weeks agojoolitan
10 months, 3 weeks agocxze
2 months, 4 weeks agoSofiaLorean
1 year, 2 months agoForkbeard
1 year, 2 months agoLovelyGroovey
1 year, 3 months agoAmir1909
1 year, 4 months agoKotNinja
1 year, 9 months agoJosete1106
2 years agoRandomNickname
2 years, 1 month agofriendlyvlad
2 years, 2 months agoSIAMIANJI
2 years, 2 months agoSIAMIANJI
2 years, 3 months agoyaboo1617
2 years, 3 months agoPhlogiston
2 years, 6 months ago