Exam AZ-104 topic 2 question 54 discussion

Actual exam question from Microsoft's AZ-104
Question #: 54
Topic #: 2

HOTSPOT -
You configure the custom role shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: roletype -
You need to configure Azure RBAC policy to determine who can log in to the VM. Two Azure roles are used to authorize VM login:
Virtual Machine Administrator Login: Users with this role assigned can log in to an Azure virtual machine with administrator privileges.
Virtual Machine User Login: Users with this role assigned can log in to an Azure virtual machine with regular user privileges.
Note, example roletype:
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"

Box 2: assignableScopes -
Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.
When you assign roles, you must specify a scope. Scope is the set of resources the access applies to. In Azure, you can specify a scope at four levels from broad to narrow: management group, subscription, resource group, and resource.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

Comments

pkkalra
Highly Voted 2 years, 1 month ago
The answer is wrong. You are not defining a policy but a custom role. You need to provide either of the following in DataActions:
Microsoft.Compute/virtualMachines/login/action
Microsoft.Compute/virtualMachines/loginAsAdmin/action
Correct answer is dataActions and assignableScopes.
upvoted 211 times
go4adil
8 months, 3 weeks ago
Agreed. Correct answer is 'dataActions' and 'assignableScopes'.
In custom roles, 'roleType' only indicates whether this is a custom role. It is set to "true" or "CustomRole" for custom roles and set to "false" or "BuiltInRole" for built-in roles. So, modifying 'roleType' for this custom role won't grant users access to log in to virtual machines that are assigned role1.
upvoted 7 times
C_M_M
Highly Voted 1 year, 5 months ago
The key to understanding the first option is to understand the control plane vs. the data plane. Action/notAction is the control plane, and DataAction/notDataAction is the data plane. Logging into a VM is data plane, so it should be defined at the DataAction.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/control-plane-and-data-plane
upvoted 21 times
ajdann
1 year, 1 month ago
Thank you, this helped me understand the difference
upvoted 2 times
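
As an added example (not part of the original discussion and not Microsoft's code): a small Python check for a custom role definition in the Azure CLI JSON shape, reporting whether the VM login operations named above sit under DataActions and whether AssignableScopes is limited to one resource group. The subscription ID is a placeholder, and `review_role`, the two sample role drafts and the finding strings are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Operations the built-in "Virtual Machine User Login" and "Virtual Machine
# Administrator Login" roles list under DataActions (named in the comments above).
LOGIN_OPS = (
    "Microsoft.Compute/virtualMachines/login/action",
    "Microsoft.Compute/virtualMachines/loginAsAdmin/action",
)

def _get(role, key):
    """Case-insensitive key lookup (CLI and PowerShell output differ in casing)."""
    return next((v or [] for k, v in role.items() if k.lower() == key.lower()), [])

def _covers(patterns, op):
    """True if any entry, wildcards included, matches the operation name."""
    return any(fnmatchcase(op.lower(), p.lower()) for p in patterns)

def review_role(role, expected_scope):
    """Return a list of findings for a custom role definition (dict)."""
    findings = []
    actions = [a.lower() for a in _get(role, "Actions")]
    data, not_data = _get(role, "DataActions"), _get(role, "NotDataActions")
    if not any(_covers(data, op) and not _covers(not_data, op) for op in LOGIN_OPS):
        findings.append("no VM login operation granted through DataActions")
    for op in LOGIN_OPS:
        if op.lower() in actions:
            findings.append(f"{op} is listed under Actions, not DataActions")
    scopes = _get(role, "AssignableScopes")
    if not scopes:
        findings.append("AssignableScopes is empty")
    for s in scopes:
        if s.rstrip("/").lower() != expected_scope.rstrip("/").lower():
            findings.append(f"assignable outside expected scope: {s}")
    return findings

# Constructed sample data: placeholder subscription ID, hypothetical role1 drafts.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG1 = SUB + "/resourceGroups/RG1"
DRAFT = json.loads("""{"Name": "role1", "IsCustom": true,
  "Actions": ["Microsoft.Compute/virtualMachines/read",
              "Microsoft.Compute/virtualMachines/login/action"],
  "DataActions": [], "AssignableScopes": ["%s"]}""" % SUB)
REVISED = dict(DRAFT, Actions=["Microsoft.Compute/virtualMachines/read"],
               DataActions=["Microsoft.Compute/virtualMachines/login/action"],
               AssignableScopes=[RG1])

if __name__ == "__main__":
    for name, role in (("draft", DRAFT), ("revised", REVISED)):
        print(name, review_role(role, RG1) or "ok")
```
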
SeMo0o0o0o
Most Recent 4 weeks ago
WRONG
dataActions
assignableScopes
upvoted 2 times
behradcld
1 month ago
First one is dataActions. Proof is in here: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute
upvoted 1 times
divzrajshekar123
2 months, 1 week ago
ANSWER IS dataactions and Assignable Scope
upvoted 2 times
ajay01avhad
2 months, 1 week ago
For the first requirement: actions
For the second requirement: assignableScopes
upvoted 2 times
23169fd
3 months, 3 weeks ago
tested: Actions and Assignable Scope "Microsoft.Compute/virtualMachines/login/action"
upvoted 4 times
Highgate
1 month, 2 weeks ago
MSLearn says Microsoft.Compute/virtualMachines/login/action is a dataAction "DataActions Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user" https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute#virtual-machine-user-login
upvoted 1 times
76d5e04
4 months ago
It is very time consuming and causing confusion to decide which is correct answer as the examtopic has not assured their answer is 100% correct. Also for some questions mostly voted % is missing so not able to judge the correct answer. I have exam scheduled by end of June, please teach me how to arrive at the correct answer
upvoted 2 times
23169fd
4 months, 1 week ago
Correct answer: Actions and Assignable Scope. "Microsoft.Compute/virtualMachines/login/action"
upvoted 1 times
varinder82
4 months, 2 weeks ago
Final Answer : Data Action and AssignableScope
upvoted 2 times
varinder82
4 months, 3 weeks ago
Final Answer : DataActions and assignableScopes
upvoted 2 times
LovelyGroovey
4 months, 3 weeks ago
Regarding the first question, any modification inside the virtual machine is called a data action. Many people may think the answer is actions, but actions are something to do with the virtual machine itself. In this case, we are not going to do anything with the virtual machine. It just wants users to sign in to the VM. We are not doing anything with the VM.
Answer is Data Actions.
2nd one should be assignableScopes.
upvoted 3 times
Dankho
1 week, 5 days ago
Wrong! Here's why: Actions cover control-plane tasks related to managing Azure resources, including virtual machines. Logging into a VM (whether through SSH or RDP) is considered part of managing or operating the VM, so it is a control-plane (management) operation. DataActions apply to interacting with the data inside a resource, like reading or writing files stored in a storage account or querying a database.
upvoted 2 times
behradcld
1 month ago
very nice explanation. Bravo :)
upvoted 1 times
3c5adce
4 months, 4 weeks ago
Correct answer: dataActions and assignableScopes
upvoted 2 times
3c5adce
5 months ago
For statement A: To ensure that users can sign in to virtual machines that are assigned role1, modify the actions section.
For statement B: To ensure that role1 can be assigned only to a resource group named RG1, modify the assignableScopes section.
upvoted 2 times
promartyr
6 months, 2 weeks ago
Is the role "role1" assigned to the user or to the VM?
upvoted 1 times
Amir1909
6 months, 2 weeks ago
- dataActions - assignableScopes
upvoted 1 times
18c2076
6 months, 3 weeks ago
Answer is INCORRECT.
Correct answer: dataActions and assignableScopes
Please review the Azure Virtual Machine User Login built-in role for comparison - see dataActions.
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/role-based-access-control/built-in-roles/compute.md#virtual-machine-user-login
upvoted 2 times