ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 6 question 2 discussion

Actual exam question from Microsoft's SC-100
Question #: 2
Topic #: 7
[All SC-100 Questions]

You need to recommend a solution to meet the security requirements for the InfraSec group.
What should you use to delegate the access?

  • A. a subscription
  • B. a custom role-based access control (RBAC) role
  • C. a resource group
  • D. a management group
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by SkippyTheMagnificent at Sept. 5, 2022, 7:08 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TheMCT
Highly Voted 1 year, 8 months ago
Selected Answer: B
a custom role-based access control (RBAC) role - can be used to delegate access
upvoted 21 times
...
TheMCT
Highly Voted 1 year, 9 months ago
Given answer is correct: B. a custom role-based access control (RBAC) role - can be used to delegate access
upvoted 5 times
...
slobav
Most Recent 8 months, 2 weeks ago
Answer: B https://www.youtube.com/watch?v=r-P-2lGzPFQ&list=PLQ2ktTy9rklhzzkSEZvDZT4QSIVUQZD-Y&index=9 SC-100 Question 107
upvoted 1 times
...
zellck
1 year ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles If the Azure built-in roles don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group, subscription, and resource group scopes.
upvoted 2 times
...
awssecuritynewbie
1 year, 3 months ago
Selected Answer: B
The reason the RBAC is good it is because the other options do not offer the exact permission to manage the NSG, Firewall, Front door and etc. Therefore we would need a Custom role based access control.
upvoted 2 times
...
Granwizzard
1 year, 8 months ago
Selected Answer: A
In my opinion, I would assign the network role to the subscription or use management groups. Since there is only one subscription, I'd go with option A, management groups will add more complexity unless you want to use PIM. But since PIM is not mentioned A should be the correct answer.
upvoted 2 times
Granwizzard
1 year, 8 months ago
My bad should it be B
upvoted 6 times
...
...
SkippyTheMagnificent
1 year, 9 months ago
I would go with “subscription” as the RBAC assignment would be made on the sub1 subscription. There doesn’t appear to be a need for a custom role. Network Contributor would be sufficient and appropriate given the requirements.
upvoted 3 times
JakeCallham
1 year, 7 months ago
nope that would be too much, one should always follow least priviledge, so custom RBAC is the way. You already say it, it would be sufficient, as in it has enough rights, but it also has too many rights.
upvoted 2 times
D3D1997
1 year, 4 months ago
Indeed. Network would give the rights to add/remove Subnets, NICs and so on. Not on the list of the duties of the Infrasec group. The question doesn't have the "require the least amount of effort" sentence
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel