Exam AZ-104 topic 2 question 66 discussion

https://www.examtopics.com/discussions/microsoft/view/57784-exam-az-500-topic-2-question-58-discussion/ i found similar questions in other page

Role3: Role1 and Azure subscription Roles only. Role4: Role2 only Explanation: There's a difference between Built-in AD roles and Built-in Subscription roles. **Built-in AD roles can't be cloned, but built-in subscription roles can be. Custom roles of either type can be cloned.** To clone the Bulit-in subscription Role, you open the subscription or the Resource group where you want to create the custom role and assign the permissions --> Go to Access Control (IAM) --> Roles tab --> Search for the subscription Role then clone it from the three dots in the right of the role. Reference: https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-create

WRONG Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only

Not sure if I am the only one being confused by the correct answer discussed here. Role3: Role1 and built-in Azure subscription roles only To create an Azure subscription role, you can clone existing Azure subscription roles Role1. it is a valid template. Built-in Azure subscription roles can also be used. But not neccessary cloning BOTH. So correct anwser should Role3: Role1 only Role4: Role2 only

In other exam, i always answered custom role of azure + builtin, and custom role for entra id, but i found out is wrong on azure side, try it on your own! I created a custom role, even 2 days ago, then on IAM i search it and click on "Clone role". This role wasn't clonable, i could even find it on the search manually. So the answer is: Azure can copy only from built-in Azure Role, so is the second one. For Azure AD ( Entra ID ), you can copy only from custom role, so is the first one

For Role3, you should select: Role1 and built-in Azure subscription roles only For Role4, you should select: Role2 and built-in Azure AD roles only

Final Answer: Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only

Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only Explanation: You cannot clone built-in Azure AD role

Role3: Role1 and built-in subscription roles only Role4: Role2 only

Thanks. Answer should be Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only Explanation: You cannot clone built-in Azure AD role I've done Scenraio and it's true that role 3 = role 1 + azure ad role role 4 = role 2

Built-in AD roles can't be cloned, but built-in subscription roles can be. Custom roles of either type can be cloned.

I have tested this in lab. Role4 can be cloned only from Role2. When I try to create a new AD role, it's giving only one option 'Clone from a custom role'.

Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only https://www.youtube.com/watch?v=qbnuwEohUbo&list=PLlKA5U_Yqgof3H0YWhzvarFixW9QLTr4S&index=46

Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only

There is a difference between Azure Roles and Azure AD Roles. Their "cloning" rules are not the same. While you can clone an in-built Azure role, you CANNOT clone in-built Azure AD role. When creating a custom role in Azure AD, you can either choose a custom role already created OR start from scratch. So for 2nd, Answer should be Role2 only.

All roles can be cloned. Customs and Built-in. So the answer is: Role3: Role 1 and built-in Azure subscription roles only Role4; Role 2 and built-in Azure AD roles only.