ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 72 discussion

Actual exam question from Microsoft's SC-300
Question #: 72
Topic #: 4
[All SC-300 Questions]

You have an Azure subscription.

You need to use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles. The solution must follow the principle of least privilege.

Which role should you assign to the service principal of Permissions Management?

  • A. User Access Administrator
  • B. Contributor
  • C. Reader
  • D. Owner
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by dzdz at March 29, 2024, 2:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dzdz
Highly Voted 8 months, 2 weeks ago
A. User Access Administrator To use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles while following the principle of least privilege, you should assign the User Access Administrator role to the service principal of Permissions Management. The User Access Administrator role allows the service principal to manage user access to Azure resources, including the ability to grant and revoke access, but it does not grant excessive permissions such as Contributor or Owner roles. This aligns with the principle of least privilege, ensuring that the service principal has the necessary permissions to perform its tasks without unnecessary access to modify resources.
upvoted 11 times
...
ProNerd
Most Recent 1 day, 2 hours ago
Selected Answer: A
needs access to create the roles, so it's user access admin
upvoted 1 times
...
Labelfree
3 weeks, 6 days ago
Selected Answer: A
Can some of you guys saying A? Hit the voting comment here and select that answer. Nobody has answered that yet, but -- that's the correct answer. Why User Access Administrator is the Correct Role: User Access Administrator allows the service principal to manage permissions for Azure resources, including creating and assigning roles and managing access. This role provides sufficient privileges to monitor permissions and implement the right-sizing of roles in alignment with the least privilege principle. User Administrator allows for the creation of custom roles, role assignments, and the ability to configure access management, which is essential for what is asked here. you can create and manage resources with Contributor but not permissions.
upvoted 2 times
...
martutene
1 month, 3 weeks ago
Selected Answer: C
It's reader, appears on John Christopher's video. Then the user that uses the service needs a role that can do that, but to read info from the cloud providers in azure is the reader role.
upvoted 1 times
martutene
1 month, 3 weeks ago
I was wrong, I think it is User Access Administrator : Manage user access to Azure resources Assign roles in Azure RBAC Assign themselves or others the Owner role https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
upvoted 1 times
martutene
1 month, 3 weeks ago
Watch John Savills' video, it must be user access admin because the question asks about right sizing roles. https://www.youtube.com/watch?v=lWUV4KZNzIk
upvoted 2 times
...
...
...
jarattdavis
4 months, 2 weeks ago
Selected Answer: B
Correct Answer B: To use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles while following the principle of least privilege, you should assign the Contributor role to the service principal12. This role provides the necessary permissions to manage resources without granting full administrative access.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago