Exam SC-300 topic 1 question 35 discussion

I think it's: Role1: Microsoft.App https://learn.microsoft.com/en-us/azure/container-apps/quickstart-portal#prerequisites Role2: Microsoft.Security https://learn.microsoft.com/en-ie/rest/api/defenderforcloud/adaptive-network-hardenings/enforce?tabs=HTTP

Role1: Microsoft.App (for containers) Role2: Microsoft.Security Microsoft.Security controls the Security Center (renamed Defender for Cloud) (https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-services-resource-providers), which handles Adaptive Network Hardening (https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-network-hardening#what-is-adaptive-network-hardening)

The correct answer is: Role1: Microsoft.App Role2: Microsoft.Security Explanation: Role1 requires permissions to create or delete instances of Azure Container Apps. The relevant resource provider for Azure Container Apps is Microsoft.App. This provider includes the necessary permissions to manage container app instances. Role2 needs to enforce adaptive network hardening rules, which are part of Azure Security Center's capabilities. The Microsoft.Security resource provider contains the permissions required to enforce adaptive network hardening and other security-related configurations. Resource Links: For more details on Azure resource providers and roles: Microsoft.App resource provider Microsoft.Security resource provider

The answer here is wrong. It is Role 1: Microsoft.App, not compute - Given these options, here are the appropriate resource provider permissions for each role: Role1 (Create or delete instances of Azure Container Apps): Microsoft.App/containerApps/write: Allows creating or updating Azure Container Apps. Microsoft.App/containerApps/delete: Allows deleting Azure Container Apps. Role2 (Enforce adaptive network hardening rules): Microsoft.Security/adaptiveNetworkHardenings/write: Allows enforcing adaptive network hardening rules. Microsoft.Security/adaptiveNetworkHardenings/read: Allows reading adaptive network hardening rules. These permissions ensure that users assigned to Role1 can manage Azure Container Apps, while users assigned to Role2 can enforce network security rules effectively.

To create custom roles that meet the specified requirements, you need to ensure the correct permissions are applied for each role. Role1: Create or delete instances of Azure Container Apps For Role1, users need permissions related to managing Azure Container Apps. The correct resource provider and permission are: Microsoft.App/containerApps/write: This permission allows users to create and delete Azure Container Apps instances. It provides the necessary capability for Role1. Role2: Enforce adaptive network hardening rules For Role2, users need permissions related to adaptive network hardening, which is part of Microsoft Defender for Cloud. The correct resource provider and permission are: Microsoft.Security/adaptiveNetworkHardenings/write: This permission allows users to enforce adaptive network hardening rules. It fits the requirement for Role2, providing users with the ability to manage these security rules. Summary: Role1: Microsoft.App/containerApps/write Role2: Microsoft.Security/adaptiveNetworkHardenings/write

To meet the requirements for creating the custom roles, you need to assign the following resource provider permissions: Role1: Create or delete instances of Azure Container Apps Microsoft.App: This resource provider includes the necessary permissions to manage Azure Container Apps1. Role2: Enforce adaptive network hardening rules Microsoft.Security: This resource provider includes the necessary permissions to manage and enforce adaptive network hardening rules2.

Role1: Microsoft.App (for containers). Role2: Microsoft.Security.

- Role 1: Microsoft.App - Role 2: Microsoft.Security. Deploy container app using the Azure portal: Make sure to have the Resource Provider "Microsoft.App" registered. https://learn.microsoft.com/en-us/azure/container-apps/quickstart-portal#prerequisites. Adaptive Network Hardening --> Microsoft.Security/adaptiveNetworkHardenings/read resource provider is Microsoft.Security: https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftsecurity

For Role1, the key word is Azure Container Apps. Compute is for Virtual Machines, App is for Azure Container Apps. Role 2 is Security as mentioned before.

It shoud be Microsoft.App and Microsoft.Security https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftapp

Role 1: Microsoft.App Role 2 : Microsoft.Security

Role 1: Microsoft.App Role 2 : Microsoft.Security

Correct: 1. Microsoft.Apps 2. Microsoft.Security

Role 1: Microsoft.App microsoft.app/containerapps/delete microsoft.app/containerapps/write Role 2: Microsoft.Secuirty Microsoft.Security/adaptiveNetworkHardenings/enforce/action

Role 1: Microsoft.App https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftapp Role2: Microsoft.Security https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftsecurity

ChatGPT says its: Role 1: Compute Role 2: Network

It is Microsoft.compute.......ask chatgpt what is in graph microsoft.compute and what is in graph microsoft.app