You need to implement the Azure RBAC role assignments for the Network Contributor role. The solution must meet the authentication and authorization requirements. What is the minimum number of assignments that you must use?
Litware has two Azure tenants: one with 10 subscriptions and one with five subscriptions. We can place each tenant's subscriptions in a management group of its own and assign users to the Network Contributor role or to Role1 at the management group level.
I would say B.2, as a root management group is created by default in a tenant and we have 2 tenants here.
But as they are not mentioning management groups, it could also be 15 assignments (one per subscription).
E - 15) There are 2 Tenants with 15 total subscriptions. Medium size company with only 1 office. I can't find anything in the use case stating they have enabled management groups, or anything mentioning a "Tenant Root Group". The RBAC for network contributor would be assigned at the "Tenant Root Group" if management groups were enabled. Otherwise, they would assign it at the next best thing, the 15 subscriptions.
Per https://learn.microsoft.com/en-us/azure/governance/management-groups/overview#root-management-group-for-each-directory ... "Each directory is given a single top-level management group called the root management group. The root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level". So from this, a root MG exists for every Azure tenant/directory, so we would only need 2 RBAC assignments to each root MG
Since this states that "Litware has a second Azure AD tenant named dev.litware.com", a tenant is a security boundary, so corp.litware.com AAD tenant has no access to dev.litware.com AAD tenant. Hence, need 2 RBAC roles (one in each tenant)
The network contains an Active Directory forest named litware.com that is linked to an Azure Active Directory (Azure AD) tenant named litware.com.
Litware has a second Azure AD tenant named dev.litware.com that is used as a development environment.
Where would 2 come from? Two domains? Two tenants?
You can put both the domains into one tenant with one management group, where you would assign your role.
"Management groups give you enterprise-grade management at scale no matter what type of subscriptions you might have. However, all subscriptions within a single management group must trust the same Azure Active Directory (Azure AD) tenant."
Therefore you cannot have a management group that spans AAD tenants and that's why it cannot be A.
https://learn.microsoft.com/en-us/azure/governance/management-groups/overview
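The two-assignment approach argued in the comments above (one Network Contributor assignment at each tenant's root management group), sketched with the Az PowerShell module as an added example that is not part of the original discussion. The tenant IDs and principal object IDs are placeholders, and it assumes the default root management group ID, which equals the tenant ID.

```powershell
# Added example. Replace the placeholder IDs before use.
# Key = tenant ID, value = object ID of the principal (user or group) in that tenant.
$Assignments = @{
    '<tenant-id-of-litware.com>'     = '<principal-object-id-in-litware.com>'
    '<tenant-id-of-dev.litware.com>' = '<principal-object-id-in-dev.litware.com>'
}
$RoleName = 'Network Contributor'

foreach ($TenantId in $Assignments.Keys) {
    $PrincipalId = $Assignments[$TenantId]

    # A tenant is a security boundary: sign in to each tenant separately.
    # Writing at the root management group needs rights at that scope
    # (for example a Global Administrator who has elevated access).
    Connect-AzAccount -Tenant $TenantId | Out-Null

    # By default the root management group ID is the tenant ID.
    $Scope = "/providers/Microsoft.Management/managementGroups/$TenantId"

    # Idempotent: create the assignment only if it is not already at this exact scope.
    $Existing = Get-AzRoleAssignment -ObjectId $PrincipalId `
        -RoleDefinitionName $RoleName -Scope $Scope |
        Where-Object { $_.Scope -eq $Scope }
    if (-not $Existing) {
        New-AzRoleAssignment -ObjectId $PrincipalId `
            -RoleDefinitionName $RoleName -Scope $Scope | Out-Null
    }

    # Check: every subscription in the tenant should report the role as
    # inherited from the management group scope, with no per-subscription copy.
    foreach ($Sub in Get-AzSubscription -TenantId $TenantId) {
        $Effective = Get-AzRoleAssignment -ObjectId $PrincipalId `
            -RoleDefinitionName $RoleName -Scope "/subscriptions/$($Sub.Id)"
        [pscustomobject]@{
            Tenant        = $TenantId
            Subscription  = $Sub.Name
            InheritedFrom = ($Effective.Scope -join ', ')
        }
    }
}
```

A subscription row with an empty `InheritedFrom` value means the assignment does not reach that subscription.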
Community vote distribution: A (35%), C (25%), B (20%), Other