ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-300 All Questions

View all questions & answers for the AZ-300 exam
Go to Exam

Exam AZ-300 topic 3 question 8 discussion

Actual exam question from Microsoft's AZ-300
Question #: 8
Topic #: 3
[All AZ-300 Questions]

You create the following Azure role definition.
{
"Name": "Role1",
"Id": "80808080-8080-8080-8080-808080808080",
IsCustom : false,
"Description": "",
"Actions" : [
"Microsoft.Storage/*/read",
"Microsoft.Network/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Authorization/*/read"],
"NotActions": [],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": []
}
You need to create Role1 by using the role definition.
Which two values should you modify before you create Role1? Each correct answer presents part of solution.
NOTE: Each correct selection is worth one point.

  • A. IsCustom
  • B. DataActions
  • C. Id
  • D. AssignableScopes
  • E. Description
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
Part of example:
"IsCustom": true,
"AssignableScopes": [
"/subscriptions/{subscriptionId1}",
"/subscriptions/{subscriptionId2}",
"/subscriptions/{subscriptionId3}"
The following shows what a custom role looks like as displayed in JSON format. This custom role can be used for monitoring and restarting virtual machines.
{
"Name": "Virtual Machine Operator",
"Id": "88888888-8888-8888-8888-888888888888",
"IsCustom": true,
"Description": "Can monitor and restart virtual machines.",
"Actions": [
"Microsoft.Storage/*/read",
"Microsoft.Network/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Support/*"
],
"NotActions": [],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": [
"/subscriptions/{subscriptionId1}",
"/subscriptions/{subscriptionId2}",
"/subscriptions/{subscriptionId3}"
]
}
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
by keithtemplin at April 27, 2020, 12:43 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
keithtemplin
Highly Voted 4 years, 12 months ago
Not ID because "The unique ID of the custom role. For Azure PowerShell and Azure CLI, this ID is automatically generated when you create a new role." Not DataActions because there are actions in the example Not Description because it is set to NULL (I.E. "") Answers are: IsCustom because "Indicates whether this is a custom role. Set to true for custom roles." and the question said it is a custom role AssignableScopes because it is a required field and is blank
upvoted 15 times
...
MMohammad
Most Recent 4 years, 7 months ago
The correct answer is: A. IsCustom D. AssignableScopes Explanation The IsCustom property must be set to true. And a scope must be assigned to the role definition.
upvoted 2 times
...
BOC
4 years, 7 months ago
Correct answers provided
upvoted 1 times
...
kondapaturi
4 years, 10 months ago
IsCustom - roleType -Indicates whether this is a custom role. Set to true or CustomRole for custom roles. Set to false or BuiltInRole for built-in roles. AssignableScopes - An array of strings that specifies the scopes that the custom role is available for assignment. You can only define one management group in AssignableScopes of a custom role. Adding a management group to AssignableScopes is currently in preview
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago